From bd3dcba5488a4c6e5daee0998d40f76c9fe1f78c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Andr=C3=A9=20Tanner?= <mat@brain-dump.org>
Date: Tue, 17 Feb 2015 00:20:38 +0100
Subject: [PATCH] Validate packet size before sending/receiving

---
 abduco.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/abduco.c b/abduco.c
index 061de11..18fdeeb 100644
--- a/abduco.c
+++ b/abduco.c
@@ -173,6 +173,8 @@ static ssize_t read_all(int fd, char *buf, size_t len) {
 
 static bool send_packet(int socket, Packet *pkt) {
 	size_t size = packet_size(pkt);
+	if (size > sizeof(*pkt))
+		return false;
 	return write_all(socket, (char *)pkt, size) == size;
 }
 
@@ -180,6 +182,8 @@ static bool recv_packet(int socket, Packet *pkt) {
 	ssize_t len = read_all(socket, (char*)pkt, packet_header_size());
 	if (len <= 0 || len != packet_header_size())
 		return false;
+	if (len > sizeof(pkt->u.msg))
+		return false;
 	if (pkt->len > 0) {
 		len = read_all(socket, pkt->u.msg, pkt->len);
 		if (len <= 0 || len != pkt->len)