From a7fe885dc5dd318717383d4b4bfb3b83ebd728ab Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Wed, 14 Jun 2023 15:29:31 +0200
Subject: [PATCH] radius-gw-proxy: improve header length sanity check

Signed-off-by: John Crispin
---
 feeds/ucentral/radius-gw-proxy/src/main.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/feeds/ucentral/radius-gw-proxy/src/main.c b/feeds/ucentral/radius-gw-proxy/src/main.c
index 06468e0b3..c8a67f53d 100644
--- a/feeds/ucentral/radius-gw-proxy/src/main.c
+++ b/feeds/ucentral/radius-gw-proxy/src/main.c
@@ -158,9 +158,15 @@ radius_parse(char *buf, unsigned int len, int port, enum socket_type type, int t
  struct radius_tlv *proxy_state = NULL;
  char proxy_state_str[256] = {};
  void *avp = hdr->avp;
- unsigned int len_orig = ntohs(hdr->len);
+ unsigned int len_orig;
  uint8_t localhost[] = { 0x7f, 0, 0, 1 };

+ if (len < sizeof(*hdr)) {
+ ULOG_ERR("invalid packet length, %d\n", len);
+ return -1;
+ }
+ len_orig = ntohs(hdr->len);
+
  if (len_orig != len) {
  ULOG_ERR("invalid header length, %d %d\n", len_orig, len);
  return -1;
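Review bot: The added `ULOG_ERR("invalid packet length, %d\n", len);` formats `len`, which the hunk header shows is `unsigned int`, with `%d`; `%u` is the matching specifier, and the same applies to the unchanged `"invalid header length, %d %d\n"` line below it, where `len_orig` and `len` are both unsigned. A one-line comment above the new guard, such as `/* a datagram shorter than the fixed header must be rejected before hdr->len is read */`, would record why the assignment was moved out of the declaration. The two checks only establish that the datagram holds a full header and that the header's length field equals the received size; the attribute walk starting at `avp` is outside this hunk, so it is worth confirming that it bounds each TLV length against the bytes remaining. radius_parse starts and ends outside the hunk.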