From 2eb4611de8eb1fc874b59b757abfe90b30851d1f Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Wed, 29 Jun 2011 05:00:56 -0500
Subject: ppp: Add basic length sanity checks

---
 gatchat/ppp_auth.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'gatchat/ppp_auth.c')

diff --git a/gatchat/ppp_auth.c b/gatchat/ppp_auth.c
index 4ad31a2c..0f8cffab 100644
--- a/gatchat/ppp_auth.c
+++ b/gatchat/ppp_auth.c
@@ -118,9 +118,15 @@ challenge_out:
 /*
  * parse the packet
  */
-void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet)
+void ppp_chap_process_packet(struct ppp_chap *chap, const guint8 *new_packet,
+				gsize len)
 {
-	guint8 code = new_packet[0];
+	guint8 code;
+
+	if (len < sizeof(struct chap_header))
+		return;
+
+	code = new_packet[0];
 
 	switch (code) {
 	case CHALLENGE:
-- 
cgit v1.2.3