From e8c8efe5ec093428a0af300931f9147732c91fa9 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Fri, 27 Mar 2020 13:32:16 +0100
Subject: more stringent overflow checks

---
 src/bank-lib/bank_api_transfer.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/bank-lib/bank_api_transfer.c b/src/bank-lib/bank_api_transfer.c
index 45bbb46ee..c8fbe6908 100644
--- a/src/bank-lib/bank_api_transfer.c
+++ b/src/bank-lib/bank_api_transfer.c
@@ -284,7 +284,10 @@ TALER_BANK_transfer (
   }
   d_len = ntohl (wp->account_len);
   u_len = ntohl (wp->exchange_url_len);
-  if (sizeof (*wp) + d_len + u_len != buf_size)
+  if ( (sizeof (*wp) + d_len + u_len != buf_size) ||
+       (d_len > buf_size) ||
+       (u_len > buf_size) ||
+       (d_len + u_len > buf_size) )
   {
     GNUNET_break (0);
     return NULL;
-- 
cgit v1.2.3