fixed codesonar: 463.634, 1216.1564, 547.830, 1215.1563, 441.612, 478.650

Signed-off-by: t3sserakt <t3ss@posteo.de>
author: t3sserakt <t3ss@posteo.de> 2018-02-16 18:45:25 +0100
committer: t3sserakt <t3ss@posteo.de> 2018-02-16 18:57:10 +0100
commit: abd12cabccd56f7574548d6d576b772220389b7b (patch)
tree: 3df9fe2bc1dfa2e86ccff1148df5f47cc82b0765 /src/multicast
parent: d58a3cdedff02a94f1aba715b6ea75e79156cf36 (diff)
download: gnunet-abd12cabccd56f7574548d6d576b772220389b7b.tar.gz
gnunet-abd12cabccd56f7574548d6d576b772220389b7b.zip
2 files changed, 20 insertions, 12 deletions
diff --git a/src/multicast/gnunet-service-multicast.c b/src/multicast/gnunet-service-multicast.c
index ab7d1c5a0..66f18da9f 100644
--- a/src/multicast/gnunet-service-multicast.c
+++ b/src/multicast/gnunet-service-multicast.c
@@ -1450,8 +1450,12 @@ check_client_member_join (void *cls,
  uint16_t msg_size = ntohs (msg->header.size);
  struct GNUNET_PeerIdentity *relays = (struct GNUNET_PeerIdentity *) &msg[1];
  uint32_t relay_count = ntohl (msg->relay_count);
-  if (relay_count > MAX_RELAY_COUNT) return GNUNET_SYSERR;
+  if (UINT32_MAX - relay_count > sizeof (*relays)){
-  uint16_t relay_size = relay_count * sizeof (*relays);
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "relay_size exceeds UINT32_MAX!");
+      return GNUNET_SYSERR;
+  }
+  uint32_t relay_size = relay_count * sizeof (*relays);
  struct GNUNET_MessageHeader *join_msg = NULL;
  uint16_t join_msg_size = 0;
  if (sizeof (*msg) + relay_size + sizeof (struct GNUNET_MessageHeader)
@@ -1460,11 +1464,19 @@ check_client_member_join (void *cls,
    join_msg = (struct GNUNET_MessageHeader *)
      (((char *) &msg[1]) + relay_size);
    join_msg_size = ntohs (join_msg->size);
+    if (UINT16_MAX - join_msg_size > sizeof (struct MulticastJoinRequestMessage)){
+        GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "join_msg_size exceeds UINT16_MAX!");
+        return GNUNET_SYSERR;
+    } 
+  }
+  if (msg_size != (sizeof (*msg) + relay_size + join_msg_size)){
+      GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                    "msg_size does not match real size of message!");
+      return GNUNET_SYSERR;
+  }else{
+      return GNUNET_OK;
  }
-  return
-    msg_size == (sizeof (*msg) + relay_size + join_msg_size)
-    ? GNUNET_OK
-    : GNUNET_SYSERR;
 }
@@ -1888,6 +1900,7 @@ handle_client_replay_request (void *cls,
    else
    {
      /* FIXME: not yet connected to origin */
+      
      GNUNET_assert (0);
      GNUNET_SERVICE_client_drop (client);
      return;
@@ -1976,7 +1989,7 @@ static int
 check_client_replay_response (void *cls,
                              const struct MulticastReplayResponseMessage *res)
 {
-  const struct GNUNET_MessageHeader *msg = &res->header;
+  const struct GNUNET_MessageHeader *msg;
  if (GNUNET_MULTICAST_REC_OK == res->error_code)
  {
    msg = GNUNET_MQ_extract_nested_mh (res);
diff --git a/src/multicast/multicast.h b/src/multicast/multicast.h
index 8ff6af237..aeb3c0b41 100644
--- a/src/multicast/multicast.h
+++ b/src/multicast/multicast.h
@@ -30,11 +30,6 @@
 #include "platform.h"
 #include "gnunet_multicast_service.h"
-/* FIXME: What is a reasonable value here?
- * Should it be in an include file that clients can also see?
- */
-#define MAX_RELAY_COUNT 123
 GNUNET_NETWORK_STRUCT_BEGIN
author	t3sserakt <t3ss@posteo.de>	2018-02-16 18:45:25 +0100
committer	t3sserakt <t3ss@posteo.de>	2018-02-16 18:57:10 +0100
commit	abd12cabccd56f7574548d6d576b772220389b7b (patch)
tree	3df9fe2bc1dfa2e86ccff1148df5f47cc82b0765 /src/multicast
parent	d58a3cdedff02a94f1aba715b6ea75e79156cf36 (diff)
download	gnunet-abd12cabccd56f7574548d6d576b772220389b7b.tar.gz gnunet-abd12cabccd56f7574548d6d576b772220389b7b.zip