From: Martin Willi
Date: Wed, 21 Dec 2011 12:54:40 +0000 (+0100)
Subject: Give a hint that decryption failed if payload length invalid
X-Git-Tag: 5.0.0~338^2~9^2~122
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dd5c3787dc38373237626796f7efeab63b8418c4;p=thirdparty%2Fstrongswan.git
Give a hint that decryption failed if payload length invalid
---
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index f3c4b3996d..096079ad76 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -432,6 +432,13 @@ static status_t parse(private_encryption_payload_t *this, chunk_t plain)
 {
 payload_t *payload;
+ if (plain.len < 4 || untoh16(plain.ptr + 2) > plain.len)
+ {
+ DBG1(DBG_ENC, "invalid %N payload length, decryption failed?",
+ payload_type_names, type);
+ parser->destroy(parser);
+ return PARSE_ERROR;
+ }
 if (parser->parse_payload(parser, type, &payload) != SUCCESS)
 {
 parser->destroy(parser);
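Review bot: The added guard reads the length from `plain.ptr + 2` and compares it with `plain.len`, which is always the start of the whole decrypted chunk, while the log message names the current `type`. The enclosing block begins outside the hunk; if it is the body of a per-payload loop, the test only ever validates the first payload header and is repeated unchanged on each pass. In that case it would read more clearly hoisted in front of the loop, with a comment such as `/* generic payload header is 4 bytes; 16-bit length at offset 2 */`. The check is a plausibility hint for failed decryption rather than a bounds check for later payloads, so `parse_payload()` still has to enforce each payload's length against the remaining data.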