j3d1/tinc
1
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

Check for an illegal length of passphrase in read_passphrase().

Browse source
This commit is contained in:
Ivo Timmermans 2000-04-17 16:52:58 +00:00
parent baebae2749
commit c924689690
1 changed files with 6 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/encr.c
View file

@ -107,7 +107,12 @@ int read_passphrase(char *which, char **out)
} }
fscanf(f, "%d ", &size); fscanf(f, "%d ", &size);
size >>= 2; /* nibbles->bits */ if(size < 1 || size > (1<<15))
{
syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size);
return -1;
}
size >>= 2; /* bits->nibbles */
pp = xmalloc(size+2); pp = xmalloc(size+2);
fgets(pp, size+1, f); fgets(pp, size+1, f);
fclose(f); fclose(f);