diff options
Diffstat (limited to 'g10/parse-packet.c')
| -rw-r--r-- | g10/parse-packet.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/g10/parse-packet.c b/g10/parse-packet.c index ab4655d5f..f1d7f7131 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -2214,11 +2214,22 @@ parse_attribute( IOBUF inp, int pkttype, unsigned long pktlen, PACKET *packet ) (void)pkttype; + /* We better cap the size of an attribute packet to make DoS not + too easy. 16MB should be more then enough for one attribute + packet (ie. a photo). */ + if (pktlen > 16*1024*1024) { + log_error ("packet(%d) too large\n", pkttype); + if (list_mode) + fprintf (listfp, ":attribute packet: [too large]\n"); + iobuf_skip_rest (inp, pktlen, 0); + return G10ERR_INVALID_PACKET; + } + #define EXTRA_UID_NAME_SPACE 71 packet->pkt.user_id = xmalloc_clear(sizeof *packet->pkt.user_id + EXTRA_UID_NAME_SPACE); packet->pkt.user_id->ref=1; - packet->pkt.user_id->attrib_data = xmalloc(pktlen); + packet->pkt.user_id->attrib_data = xmalloc(pktlen? pktlen:1); packet->pkt.user_id->attrib_len = pktlen; p = packet->pkt.user_id->attrib_data; |