authorlurchi <lurchi@strangeplace.net>2018-01-07 22:34:39 +0100
committerlurchi <lurchi@strangeplace.net>2018-01-07 22:34:39 +0100
commit0120859e1ea2f0591602f446d4bc054e9230c801 (patch)
treebf4d650b43ba10e2f387f29682f2349730dc27fe
parent5f9face21a6ca311247c4f11a1f015691673cc9a (diff)
more size checking; tokenize only after size check
-rw-r--r--src/social/gnunet-service-social.c36
1 files changed, 27 insertions, 9 deletions
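diff --git a/src/social/gnunet-service-social.c b/src/social/gnunet-service-social.c
index 60f1b348d..31e3a3dc2 100644
--- a/src/social/gnunet-service-social.c
+++ b/src/social/gnunet-service-social.c
@@ -1393,8 +1393,7 @@ msg_proc_parse (const struct MsgProcRequest *mpreq,
  struct GNUNET_HashCode *method_hash)
 {
  ssize_t method_size = ntohs (mpreq->header.size) - sizeof (*mpreq);
- uint16_t offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &mpreq[1],
- method_size, 1, method_prefix);
+ uint16_t offset;
 
  if (method_size < 0)
  {
@@ -1402,6 +1401,11 @@ msg_proc_parse (const struct MsgProcRequest *mpreq,
  "MsgProcRequest has invalid size\n");
  return GNUNET_SYSERR;
  }
+
+ offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &mpreq[1],
+ method_size,
+ 1,
+ method_prefix);
  if (0 == offset || offset != method_size || *method_prefix == NULL)
  {
  GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -2147,20 +2151,34 @@ handle_client_app_connect (void *cls,
 {
  struct Client *c = cls;
  struct GNUNET_SERVICE_Client *client = c->client;
-
- uint8_t app_id_size = ntohs (creq->header.size) - sizeof (*creq);
+ ssize_t app_id_size = ntohs (creq->header.size) - sizeof (*creq);
  const char *app_id = NULL;
- uint16_t offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &creq[1],
- app_id_size, 1, &app_id);
+ uint16_t offset;
+
+ if (app_id_size < 0)
+ {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "AppConnectRequest has invalid size\n");
+ GNUNET_break (0);
+ GNUNET_SERVICE_client_drop (client);
+ return;
+ }
+
+ offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &creq[1],
+ (size_t) app_id_size,
+ 1,
+ &app_id);
  if (0 == offset || offset != app_id_size)
  {
+ GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+ "AppConnectRequest contains invalid app ID\n");
  GNUNET_break (0);
  GNUNET_SERVICE_client_drop (client);
  return;
  }
 
  struct GNUNET_HashCode app_id_hash;
- GNUNET_CRYPTO_hash (app_id, app_id_size, &app_id_hash);
+ GNUNET_CRYPTO_hash (app_id, (size_t) app_id_size, &app_id_hash);
 
  GNUNET_CONTAINER_multihashmap_iterate (egos, ego_entry, client);
  app_notify_ego_end (client);
@@ -2185,8 +2203,8 @@ handle_client_app_connect (void *cls,
  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
  "%p Application %s connected.\n", app, app_id);
 
- c->app_id = GNUNET_malloc (app_id_size);
- GNUNET_memcpy (c->app_id, app_id, app_id_size);
+ c->app_id = GNUNET_malloc ((size_t) app_id_size);
+ GNUNET_memcpy (c->app_id, app_id, (size_t) app_id_size);
 
  GNUNET_SERVICE_client_continue (client);
 }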
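Review bot: The new `app_id_size < 0` guard in handle_client_app_connect (and the existing `method_size < 0` guard in msg_proc_parse) only fires because `ntohs (...) - sizeof (*creq)` wraps as an unsigned `size_t` and then turns negative on conversion to `ssize_t`, which is implementation-defined rather than guaranteed. Comparing before subtracting states the intent and keeps the length unsigned throughout: `if (ntohs (creq->header.size) < sizeof (*creq))` followed by `size_t app_id_size = ntohs (creq->header.size) - sizeof (*creq);`, which also removes the `(size_t)` casts and the signed/unsigned comparison in `offset != app_id_size`. msg_proc_parse passes `method_size` to the tokenizer without the cast used in handle_client_app_connect, so the two functions would ideally be brought in line. Both function bodies extend outside the hunks shown, so whether a separate check callback already bounds header.size cannot be confirmed from this page.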