summaryrefslogtreecommitdiff
path: root/dtls.c
diff options
context:
space:
mode:
authorLinus Nordberg <linus@nordu.net>2015-01-16 16:44:04 +0100
committerLinus Nordberg <linus@nordu.net>2015-01-16 16:51:14 +0100
commit5ca04071b14af6261c797551bcf26a3851ebbae8 (patch)
tree1eb8003b5aee3af2278ae505b78f5e213dda4839 /dtls.c
parent42eb3c67e5ee5e0a0e8b5175a001bc5822c3a919 (diff)
Fix heap overflow in raddtlsget(), radtcpget() and radtlsget().
Patch by Stephen Röttger.
Diffstat (limited to 'dtls.c')
-rw-r--r--dtls.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/dtls.c b/dtls.c
index 8be677e..f866092 100644
--- a/dtls.c
+++ b/dtls.c
@@ -239,6 +239,10 @@ unsigned char *raddtlsget(SSL *ssl, struct gqueue *rbios, int timeout) {
}
len = RADLEN(buf);
+ if (len < 4) {
+ debug(DBG_ERR, "raddtlsget: length too small");
+ continue;
+ }
rad = malloc(len);
if (!rad) {
debug(DBG_ERR, "raddtlsget: malloc failed");