From b6a3f2b403ba8a2ee28921420081225176fe2783 Mon Sep 17 00:00:00 2001
From: Maxim Biro
Date: Wed, 7 Aug 2013 20:23:48 -0400
Subject: Added length checks
---
 core/Messenger.c | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'core/Messenger.c')
diff --git a/core/Messenger.c b/core/Messenger.c
index f1d8b35e..b1050230 100644
--- a/core/Messenger.c
+++ b/core/Messenger.c
@@ -541,6 +541,8 @@ static void doFriends(void)
 break;
 }
 case PACKET_ID_STATUSMESSAGE: {
+ if (len < 2)
+ break;
 uint8_t *status = calloc(MIN(len - 1, MAX_STATUSMESSAGE_LENGTH), 1);
 memcpy(status, temp + 1, MIN(len - 1, MAX_STATUSMESSAGE_LENGTH));
 if (friend_statusmessagechange_isset)
@@ -550,6 +552,8 @@ static void doFriends(void)
 break;
 }
 case PACKET_ID_USERSTATUS: {
+ if (len != 2)
+ break;
 USERSTATUS status = *(temp + 1);
 if (friend_userstatuschange_isset)
 friend_userstatuschange(i, status);
-- 
cgit v1.2.3
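Review bot: In the `PACKET_ID_STATUSMESSAGE` case the `calloc` result is passed to `memcpy` on the next line without a NULL check, so an allocation failure on this peer-driven path becomes a write through a null pointer. Add `if (status == NULL) break;` between the two calls. The copied bytes are peer-supplied and capped at `MAX_STATUSMESSAGE_LENGTH` with no terminator forced, so if the callback or the stored copy is later read as a C string (not visible here), the final byte should be set to `'\0'` after the copy. doFriends begins and ends outside this hunk, so who frees `status` cannot be confirmed from these lines.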
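Review bot: In the `PACKET_ID_USERSTATUS` case the byte at `temp + 1` is converted to `USERSTATUS` and handed to `friend_userstatuschange` with no range check, so a peer can deliver a value that is not a declared enumerator. The added `len != 2` test constrains the packet size but not the value. A guard such as `if (status >= USERSTATUS_LIMIT) break;` before the callback would close this, where `USERSTATUS_LIMIT` is a placeholder for one past the last valid enumerator; the enum definition is not visible in this patch. The case body continues past the end of the hunk, so any later use of `status` should get the same check.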