mirror of
https://github.com/znc/znc.git
synced 2026-07-05 17:31:06 +02:00
sasl: Add missing length check
This could otherwise lead to an integer underflow on specially crafted input. Signed-off-by: Uli Schlachter <psychon@znc.in>
This commit is contained in:
@@ -145,6 +145,11 @@ public:
|
||||
data += size;
|
||||
|
||||
/* Server public key */
|
||||
if (length < 2) {
|
||||
DEBUG("sasl: No public key");
|
||||
return false;
|
||||
}
|
||||
|
||||
size = ntohs(*(uint16_t*)data);
|
||||
data += 2;
|
||||
length -= 2;
|
||||
|
||||
Reference in New Issue
Block a user