From 7d59eedd39198b4d422f4208b7e85371116a0113 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20Gallou=C3=ABt?= <adrien@gallouet.fr>
Date: Tue, 7 Jan 2020 10:01:15 +0000
Subject: [PATCH] Sanitize mud_decrypt_msg()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
---
 mud.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mud.c b/mud.c
index cc6d449..b4b9fed 100644
--- a/mud.c
+++ b/mud.c
@@ -1144,7 +1144,7 @@ mud_decrypt_msg(struct mud *mud,
 {
     const size_t size = src_size - MUD_PKT_MIN_SIZE;
 
-    if (size < sizeof(struct mud_msg))
+    if (size < sizeof(struct mud_msg) || size > dst_size)
         return 0;
 
     const struct mud_crypto_opt opt = {