Give a hint that decryption failed if payload length invalid
authorMartin Willi <martin@revosec.ch>
Wed, 21 Dec 2011 12:54:40 +0000 (13:54 +0100)
committerMartin Willi <martin@revosec.ch>
Tue, 20 Mar 2012 16:31:30 +0000 (17:31 +0100)
src/libcharon/encoding/payloads/encryption_payload.c

index f3c4b39..096079a 100644 (file)
@@ -432,6 +432,13 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain)
        {
                payload_t *payload;
 
+               if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
+               {
+                       DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
+                                payload_type_names, type);
+                       parser->destroy(parser);
+                       return PARSE_ERROR;
+               }
                if (parser->parse_payload(parser, type, &payload) != SUCCESS)
                {
                        parser->destroy(parser);
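Review bot: The added guard bounds the declared payload length only from above, so a length field of 0 to 3, smaller than the 4-byte header that `plain.len < 4` implies, still reaches `parse_payload()`; adding `untoh16(plain.ptr + 2) < 4 ||` to the condition would reject it here with the same log line. Whether the parser already rejects such a length is not visible in this hunk. The check is also only meaningful for every payload if `plain` is advanced after each iteration, which would happen outside the hunk, since the loop body starts and ends beyond it. A short comment above the check, such as `/* plausibility check only: garbage plaintext can still pass, integrity must come from the checksum verified before decryption */`, would keep readers from treating the "decryption failed?" hint as an authentication step.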