Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request from GHSA-5g4r-2qhx-vqfm
Verify exact length of auth_data_len
  • Loading branch information
jhawthorn committed Jun 6, 2022
2 parents 7057f36 + e3e866e commit 6bed627
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 4 deletions.
2 changes: 1 addition & 1 deletion contrib/ruby/Gemfile.lock
@@ -1,7 +1,7 @@
PATH
remote: .
specs:
trilogy (2.1.0)
trilogy (2.1.1)

GEM
remote: https://rubygems.org/
Expand Down
2 changes: 1 addition & 1 deletion contrib/ruby/lib/trilogy/version.rb
@@ -1,3 +1,3 @@
class Trilogy
VERSION = "2.1.0"
VERSION = "2.1.1"
end
6 changes: 4 additions & 2 deletions src/protocol.c
Expand Up @@ -275,8 +275,10 @@ int trilogy_parse_handshake_packet(const uint8_t *buff, size_t len, trilogy_hand
if (out_packet->capabilities & TRILOGY_CAPABILITIES_SECURE_CONNECTION && auth_data_len > 8) {
uint8_t remaining_auth_data_len = auth_data_len - 8;

if (remaining_auth_data_len > 13) {
remaining_auth_data_len = 13;
// The auth plugins we support all provide exactly 21 bytes of
// auth_data. Reject any other values for auth_data_len.
if (SCRAMBLE_LEN + 1 != auth_data_len) {
return TRILOGY_PROTOCOL_VIOLATION;
}

CHECKED(trilogy_reader_copy_buffer(&reader, remaining_auth_data_len, out_packet->scramble + 8));
Expand Down

0 comments on commit 6bed627

Please sign in to comment.