Implemented server-side bounds checking on inccoming SPA data.
authorMichael Rash <mbr@cipherdyne.org>
Fri, 20 Jul 2012 02:34:45 +0000 (22:34 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Fri, 20 Jul 2012 02:34:45 +0000 (22:34 -0400)
commit4c7923413ed2f327ebc4875dcde98a04865e80d9
tree633fe158c1771830ce432684939b5d774b2ea814
parent8f500fd67f3600539e438527f6dac920bdf25765
Implemented server-side bounds checking on inccoming SPA data.

Enhanced the libfko decoding routine to include bounds checking on decrypted
SPA data.  This includes verifying the number of fields within incoming SPA
data (colon separated) along with verifying string lengths of each field.
lib/fko_decode.c
lib/fko_encryption.c
lib/fko_limits.h