From: Ivo Timmermans Date: Mon, 17 Apr 2000 16:52:58 +0000 (+0000) Subject: Check for an illegal length of passphrase in read_passphrase(). X-Git-Tag: import-tinc-1.1~1020 X-Git-Url: https://git.meshlink.io/?a=commitdiff_plain;h=c9246896901ff1ebad91ac399a4ea79fad941f75;p=meshlink Check for an illegal length of passphrase in read_passphrase(). --- diff --git a/src/encr.c b/src/encr.c index e78ed5ec..c34c1c93 100644 --- a/src/encr.c +++ b/src/encr.c @@ -107,7 +107,12 @@ int read_passphrase(char *which, char **out) } fscanf(f, "%d ", &size); - size >>= 2; /* nibbles->bits */ + if(size < 1 || size > (1<<15)) + { + syslog(LOG_ERR, "Illegal passphrase in %s; size would be %d", filename, size); + return -1; + } + size >>= 2; /* bits->nibbles */ pp = xmalloc(size+2); fgets(pp, size+1, f); fclose(f);