From d600909da9ef0a4b25052c1bf2de83d4e7628b0e Mon Sep 17 00:00:00 2001 From: Ondrej Filip Date: Wed, 13 Apr 2011 13:19:37 +0200 Subject: Fixed bug FICORA #503685. --- proto/ospf/packet.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/proto/ospf/packet.c b/proto/ospf/packet.c index 3cda384..d156474 100644 --- a/proto/ospf/packet.c +++ b/proto/ospf/packet.c @@ -312,6 +312,12 @@ ospf_rx_hook(sock *sk, int size) } int osize = ntohs(ps->length); + if ((unsigned) osize < sizeof(struct ospf_packet)) + { + log(L_ERR "%s%I - too low value in size field (%u bytes)", mesg, sk->faddr, osize); + return 1; + } + if ((osize > size) || ((osize % 4) != 0)) { log(L_ERR "%s%I - size field does not match (%d/%d)", mesg, sk->faddr, osize, size); -- cgit v1.2.3