From dfad66a83825d61031d7a61e11509a3c37ad61c4 Mon Sep 17 00:00:00 2001
From: "J.W. Schultz" <jw@samba.org>
Date: Sat, 6 Dec 2003 21:35:34 +0000
Subject: [PATCH] Sanity check s2length on recept.

---
 sender.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/sender.c b/sender.c
index a9c31bba..7d7b5862 100644
--- a/sender.c
+++ b/sender.c
@@ -42,10 +42,16 @@ void read_sum_head(int f, struct sum_struct *sum)
 
 	sum->count = read_int(f);
 	sum->blength = read_int(f);
-	if (protocol_version < 27)
+	if (protocol_version < 27) {
 		sum->s2length = csum_length;
-	else
+	} else {
 		sum->s2length = read_int(f);
+		if (sum->s2length > MD4_SUM_LENGTH) {
+			rprintf(FERROR, "Invalid checksum length %d\n",
+			    sum->s2length);
+			exit_cleanup(RERR_PROTOCOL);
+		}
+	}
 	sum->remainder = read_int(f);
 }
 
-- 
2.34.1