From 1701836ddcd6bfa8f7519d82bbf9e717ca6dda98 Mon Sep 17 00:00:00 2001 From: "7u83@mail.ru" <7u83@mail.ru@noemail.net> Date: Mon, 7 Mar 2016 08:57:14 +0000 Subject: [PATCH] Added generic message lngth-check. FossilOrigin-Name: 9682f12dcb7303376bc5cc009d2afaaff679b541f1ae33e7729184b23ef233cd --- src/cw/conn_process_packet.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/cw/conn_process_packet.c b/src/cw/conn_process_packet.c index 69b374d3..cf09081c 100644 --- a/src/cw/conn_process_packet.c +++ b/src/cw/conn_process_packet.c @@ -129,6 +129,29 @@ int cw_send_error_response(struct conn *conn, uint8_t * rawmsg, uint32_t result_ return 1; } +static int check_len(struct conn *conn, struct cw_action_in *a, uint8_t * data, int len, + struct sockaddr *from) +{ + if (!a->max_len) + return 1; + + if (len < a->min_len) { + cw_dbg(DBG_ELEM_ERR, + "%d (%s) message element too short, len=%d, min len=%d", + a->elem_id, cw_strelemp(conn->actions, a->elem_id), len, + a->min_len); + return 0; + } + if (len > a->max_len) { + cw_dbg(DBG_ELEM_ERR, + "%d (%s) message element too big, len=%d, max len=%d", a->elem_id, + cw_strelemp(conn->actions, a->elem_id), len, a->max_len); + return 0; + } + + return 1; +} + static int process_elements(struct conn *conn, uint8_t * rawmsg, int len, struct sockaddr *from) @@ -284,6 +307,10 @@ static int process_elements(struct conn *conn, uint8_t * rawmsg, int len, continue; } + if (!check_len(conn,af,cw_get_elem_data(elem), elem_len,from)){ + continue; + } + int afrc = 1; if (af->start) { afrc =
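Review bot: In `check_len`, the early `if (!a->max_len) return 1;` also skips the lower-bound test, so an action that sets only `min_len` accepts elements of any length, including ones shorter than its handler may expect to read. These lengths appear to come from the received packet, so each bound should be enforced on its own: drop the early return, keep `if (len < a->min_len) {` as it is, and change the upper test to `if (a->max_len && len > a->max_len) {`. The `data` and `from` parameters are never used in the body and could be dropped, and a header comment such as `/* returns 1 if len is within the action's limits, 0 otherwise; max_len == 0 means no upper limit */` would record the convention. The types of `min_len` and `max_len` are not visible in this hunk; if they are unsigned int, a negative `len` would be converted before the comparison, so confirm that they promote to `int`.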