Sanitize input in id_h - prevent integer overflows
authorthorkill <thkr@hannover.ccc.de>
Mon, 1 May 2017 10:40:22 +0000 (12:40 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Mon, 1 May 2017 11:10:59 +0000 (13:10 +0200)
src/protocol_auth.c

index 31906ba..baf9eac 100644 (file)
@@ -281,7 +281,7 @@ static bool receive_invitation_sptps(void *handle, uint8_t type, const void *dat
 bool id_h(connection_t *c, const char *request) {
        char name[MAX_STRING_SIZE];
 
-       if(sscanf(request, "%*d " MAX_STRING " %d.%d", name, &c->protocol_major, &c->protocol_minor) < 2) {
+       if(sscanf(request, "%*d " MAX_STRING " %2d.%3d", name, &c->protocol_major, &c->protocol_minor) < 2) {
                logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "ID", c->name,
                           c->hostname);
                return false;
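Review bot: The field widths on line 14 bound how many digits sscanf reads, but they do not reject longer input: a request such as `"... 17.1234"` now yields protocol_minor = 123 with the trailing `4` left unconsumed, and a negative value like `-1` still satisfies `%2d`, so the bound on digit count is not a validation of the version. If the intent is to accept only well-formed versions, append `%n` and check that the whole request was consumed, e.g. `int end = 0;` and `if(sscanf(request, "%*d " MAX_STRING " %2d.%3d%n", name, &c->protocol_major, &c->protocol_minor, &end) < 2 || request[end])`, and range-check both values afterwards (or parse them with strtol and check errno/ERANGE). The leading `%*d` on the same line keeps an unbounded width, so the overflow concern the commit addresses still applies to that field on implementations where an unrepresentable `%d` result is undefined. The body of id_h continues past the hunk, so any later checks on protocol_major/protocol_minor are not visible here.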