From 43191382e71295bf5637b6757f222f4c4b9b9e0e Mon Sep 17 00:00:00 2001
From: Ian Moffett
Date: Fri, 21 Feb 2025 18:30:45 -0500
Subject: session: Handle overflows

Signed-off-by: Ian Moffett
---
 lib/libostp/session.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/libostp/session.c b/lib/libostp/session.c
index 35d7a8d..26b72bb 100644
--- a/lib/libostp/session.c
+++ b/lib/libostp/session.c
@@ -123,10 +123,13 @@ send_auth(int sockfd, const unsigned char *session_key, struct ostp_session *s)
 }
 /* Did it fail? */
- if (auth.code != AUTH_SUCCESS) {
+ if (auth.code != AUTH_SUCCESS && auth.code < NELEM(auth_codestr)) {
 LOG("Failed to authenticate, server says: %s\n", auth_codestr[auth.code]);
 return -1;
+ } else if (auth.code >= NELEM(auth_codestr)) {
+ LOG("Failed to authenticate, invalid code %d\n", auth.code);
+ return -1;
 }
 memcpy(s->username, auth.username, sizeof(auth.username));
--
cgit v1.2.3
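Review bot: The new range check on `auth.code` in send_auth() is only safe if the comparison against `NELEM(auth_codestr)` is performed unsigned; neither the field's type nor the NELEM macro is visible in this hunk, and the `%d` in the added LOG suggests the field may be signed. If it is signed and NELEM evaluates to a signed value, a negative code sent by the server would satisfy `auth.code < NELEM(auth_codestr)` and index before the table. Testing the range first and on its own makes the intent explicit and is easier to read than the split condition: `if ((size_t)auth.code >= NELEM(auth_codestr)) { LOG("Failed to authenticate, invalid code %d\n", auth.code); return -1; }`, followed by the original `if (auth.code != AUTH_SUCCESS)` branch. Separately, the unchanged `memcpy(s->username, auth.username, sizeof(auth.username))` sizes the copy from the server-supplied source rather than the destination and does not guarantee NUL termination, so it is worth confirming against the definition of `struct ostp_session`. send_auth's body starts and ends outside the hunk.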