Prevent oracle attacks in the legacy protocol (CVE-2018-16737, CVE-2018-16738)
[tinc] / src / net_packet.c
index ebf2938acb8bc826f2dd517d37b700f0a41718bf..a516b4a9fb893e38831c7beb40e153c97326d5ab 100644 (file)
@@ -167,7 +167,6 @@ static void udp_probe_h(node_t *n, vpn_packet_t *packet, length_t len) {
           packet used. */
        if(!n->status.udp_confirmed) {
                n->status.udp_confirmed = true;
-               fprintf(stderr, "Updating address cache...\n");
 
                if(!n->address_cache) {
                        n->address_cache = open_address_cache(n);
@@ -462,7 +461,11 @@ static bool receive_udppacket(node_t *n, vpn_packet_t *inpkt) {
 
                inpkt = outpkt;
 
-               origlen -= MTU / 64 + 20;
+               if(origlen > MTU / 64 + 20) {
+                       origlen -= MTU / 64 + 20;
+               } else {
+                       origlen = 0;
+               }
        }
 
        if(inpkt->len > n->maxrecentlen) {
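Review bot: The new clamp at `if(origlen > MTU / 64 + 20)` falls back to `origlen = 0` silently and has no comment, so the reason for the branch (avoiding wrap-around of what is presumably an unsigned length) is easy to lose in a later cleanup. A one-line comment above it would help, e.g. `/* clamp instead of wrapping when the packet is shorter than the compression allowance */`. The bound `MTU / 64 + 20` is now written twice; hoisting it into one local of origlen's type (something like `overhead = MTU / 64 + 20`) would keep the test and the subtraction from drifting apart. receive_udppacket starts and ends outside the hunk, so the later uses of origlen are not visible here. It is worth confirming that they tolerate a zero length, or whether such a packet should be dropped and logged instead.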