From b1f7f0c63370d447adb8d1b188beed65777fe232 Mon Sep 17 00:00:00 2001
From: Fritz Elfert <felfert@to.com>
Date: Thu, 11 Jul 2002 17:15:53 +0000
Subject:  - Fixed a possible exploit when using telnet (or any other network  
  client) connecting to ncpd.

---
 lib/ppsocket.cc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'lib/ppsocket.cc')

diff --git a/lib/ppsocket.cc b/lib/ppsocket.cc
index 0053436..8940148 100644
--- a/lib/ppsocket.cc
+++ b/lib/ppsocket.cc
@@ -297,6 +297,8 @@ getBufferStore(bufferStore & a, bool wait)
 	return -1;
     }
     l = ntohl(l);
+    if (l > 16384)
+	    return -1;
     bp = buff = new unsigned char[l];
     while (l > 0) {
 	int j = recv(bp, l, MSG_NOSIGNAL);
-- 
cgit v1.2.3