Sanitize mud_decrypt_msg()

Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2020-01-07 10:01:15 +00:00
parent c536bef802
commit 7d59eedd39
1 changed files with 1 additions and 1 deletions
--- a/mud.c
+++ b/mud.c
@@ -1144,7 +1144,7 @@ mud_decrypt_msg(struct mud *mud,
 {
    const size_t size = src_size - MUD_PKT_MIN_SIZE;

-    if (size < sizeof(struct mud_msg))
+    if (size < sizeof(struct mud_msg) || size > dst_size)
        return 0;

    const struct mud_crypto_opt opt = {