This little patch keeps mixmaster from crashing if it encounters a request for chaining to a chain longer than 20 hops. This problem can be exploited locally by using the commandline or remotely by (ab)using the chain header. Giving remote attackers the ability to crash a program is a security risk.

Example on the commandline:

$ ./mix -d -l *,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*
Mixmaster 2.9beta31 - Copyright Anonymizer Inc.
Chain: freaky,rot26,lcs,farout,paranoia,green,freaky,disjoint,segfault,randseed,lcs,freaky,randseed,marquis,dizum,squirrel,lsd,frog2,harmless,tonga
$ ./mix -d -l *,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*
Mixmaster 2.9beta31 - Copyright Anonymizer Inc.
Segmentation fault

My patch is real simple. It might be that the original author of the code had truncating chains to 20 hops in mind, but it didn't work out. In my opinion truncating wouldn't be a good idea at all, because software trying to correct errors caused by users normally makes things worse.

-- drt@un.bewaff.net - http://c0re.jp/

--- Mix-2.9beta31-orig/Src/chain.c Thu Mar 16 17:34:02 2000 +++ Mix-2.9beta31/Src/chain.c Wed Oct 10 23:48:05 2001 @@ -86,6 +86,7 @@ hop[len++] = k; if (len > 20) { buf_appends(feedback, "Chain too long.\n"); + len = -1; break; } if (i > 0)
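
Review bot: the length check still runs after the store in `hop[len++] = k;`, so a 21st hop is written before `if (len > 20)` rejects the chain. If hop has room for only 20 entries (its declaration is not part of this hunk), that write is already one element past the end, and the fix would be to test `len >= 20` before the store rather than after it. The added `len = -1;` also turns len into an error sentinel, so any code after the loop that uses len as a count or index has to check for a negative value first; a short comment on that line stating the convention would help, as would replacing the literal 20 with a named constant shared with the array declaration.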