Give a hint that decryption failed if payload length invalid

author: Martin Willi <martin@revosec.ch> 2011-12-21 13:54:40 +0100
committer: Martin Willi <martin@revosec.ch> 2012-03-20 17:31:30 +0100
commit: dd5c3787dc38373237626796f7efeab63b8418c4 (patch)
tree: b55e22098c241368e0c456cb75d17d8dfc10f596 /src/libcharon/encoding/payloads/encryption_payload.c
parent: 07b8ec7c00626f2bbf8fa3e9aded9df520d50221 (diff)
download: strongswan-dd5c3787dc38373237626796f7efeab63b8418c4.tar.bz2
strongswan-dd5c3787dc38373237626796f7efeab63b8418c4.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index f3c4b3996..096079ad7 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -432,6 +432,13 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain)
 	{
 		payload_t *payload;
 
+		if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
+		{
+			DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
+				 payload_type_names, type);
+			parser->destroy(parser);
+			return PARSE_ERROR;
+		}
 		if (parser->parse_payload(parser, type, &payload) != SUCCESS)
 		{
 			parser->destroy(parser);
author	Martin Willi <martin@revosec.ch>	2011-12-21 13:54:40 +0100
committer	Martin Willi <martin@revosec.ch>	2012-03-20 17:31:30 +0100
commit	dd5c3787dc38373237626796f7efeab63b8418c4 (patch)
tree	b55e22098c241368e0c456cb75d17d8dfc10f596 /src/libcharon/encoding/payloads/encryption_payload.c
parent	07b8ec7c00626f2bbf8fa3e9aded9df520d50221 (diff)
download	strongswan-dd5c3787dc38373237626796f7efeab63b8418c4.tar.bz2 strongswan-dd5c3787dc38373237626796f7efeab63b8418c4.tar.xz