As other functions that accept a signed length, make sure it is sane in
NNA_DecryptAuthEF() too.
void *ef_body;
struct AuthHeader *header;
+ if (buffer_length < 0)
+ return 0;
+
if (!NEF_ParseField(packet, info->length, ef_start,
NULL, &ef_type, &ef_body, &ef_body_length))
return 0;
TEST_CHECK(r);
TEST_CHECK(info.length - packet_length >= min_ef_length);
+ r = NNA_DecryptAuthEF(&packet, &info, siv, packet_length, plaintext2,
+ -1, &plaintext2_length);
+ TEST_CHECK(!r);
+
r = NNA_DecryptAuthEF(&packet, &info, siv, packet_length, plaintext2,
sizeof (plaintext2), &plaintext2_length);
TEST_CHECK(r);
projects / thirdparty / chrony.git / commitdiff
