more stringent overflow checks

author: Christian Grothoff <christian@grothoff.org> 2020-03-27 13:32:16 +0100
committer: Christian Grothoff <christian@grothoff.org> 2020-03-27 13:32:16 +0100
commit: e8c8efe5ec093428a0af300931f9147732c91fa9 (patch)
tree: 6706ea51e3070b0ea74f1d5bde21aaa2c54bbf77 /src/bank-lib/bank_api_transfer.c
parent: 1c1d4e1ad664472391e2774b4f5b844addccd25a (diff)
download: exchange-e8c8efe5ec093428a0af300931f9147732c91fa9.tar.gz
exchange-e8c8efe5ec093428a0af300931f9147732c91fa9.tar.bz2
exchange-e8c8efe5ec093428a0af300931f9147732c91fa9.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/src/bank-lib/bank_api_transfer.c b/src/bank-lib/bank_api_transfer.c
index 45bbb46ee..c8fbe6908 100644
--- a/src/bank-lib/bank_api_transfer.c
+++ b/src/bank-lib/bank_api_transfer.c
@@ -284,7 +284,10 @@ TALER_BANK_transfer (
   }
   d_len = ntohl (wp->account_len);
   u_len = ntohl (wp->exchange_url_len);
-  if (sizeof (*wp) + d_len + u_len != buf_size)
+  if ( (sizeof (*wp) + d_len + u_len != buf_size) ||
+       (d_len > buf_size) ||
+       (u_len > buf_size) ||
+       (d_len + u_len > buf_size) )
   {
     GNUNET_break (0);
     return NULL;
author	Christian Grothoff <christian@grothoff.org>	2020-03-27 13:32:16 +0100
committer	Christian Grothoff <christian@grothoff.org>	2020-03-27 13:32:16 +0100
commit	e8c8efe5ec093428a0af300931f9147732c91fa9 (patch)
tree	6706ea51e3070b0ea74f1d5bde21aaa2c54bbf77 /src/bank-lib/bank_api_transfer.c
parent	1c1d4e1ad664472391e2774b4f5b844addccd25a (diff)
download	exchange-e8c8efe5ec093428a0af300931f9147732c91fa9.tar.gz exchange-e8c8efe5ec093428a0af300931f9147732c91fa9.tar.bz2 exchange-e8c8efe5ec093428a0af300931f9147732c91fa9.zip