forked from pool/corosync
948754c2b0
OBS-URL: https://build.opensuse.org/request/show/596060 OBS-URL: https://build.opensuse.org/package/show/network:ha-clustering:Factory/corosync?expand=0&rev=140
27 lines
1.0 KiB
Diff
27 lines
1.0 KiB
Diff
--- corosync-2.4.3.orig/exec/totemcrypto.c 2017-10-20 20:40:19.000000000 +0800
|
|
+++ corosync-2.4.3/exec/totemcrypto.c 2018-04-13 13:01:02.864922963 +0800
|
|
@@ -736,6 +736,11 @@
|
|
unsigned char tmp_hash[hash_len[instance->crypto_hash_type]];
|
|
int datalen = *buf_len - hash_len[instance->crypto_hash_type];
|
|
|
|
+ if (*buf_len <= hash_len[instance->crypto_hash_type]) {
|
|
+ log_printf(instance->log_level_security, "Received message is too short... ignoring");
|
|
+ return -1;
|
|
+ }
|
|
+
|
|
if (calculate_nss_hash(instance, buf, datalen, tmp_hash) < 0) {
|
|
return -1;
|
|
}
|
|
@@ -845,6 +850,11 @@
|
|
{
|
|
struct crypto_config_header *cch = (struct crypto_config_header *)buf;
|
|
|
|
+ if (*buf_len <= sizeof(struct crypto_config_header)) {
|
|
+ log_printf(instance->log_level_security, "Received message is too short... ignoring");
|
|
+ return (-1);
|
|
+ }
|
|
+
|
|
if (cch->crypto_cipher_type != CRYPTO_CIPHER_TYPE_2_3) {
|
|
log_printf(instance->log_level_security,
|
|
"Incoming packet has different crypto type. Rejecting");
|