-proper checks for inbound messages being well-formed

author: Christian Grothoff <christian@grothoff.org> 2016-08-27 16:38:02 +0000
committer: Christian Grothoff <christian@grothoff.org> 2016-08-27 16:38:02 +0000
commit: 7afd744770424ea38ceb8aa41b9eb94f5c089f87 (patch)
tree: 21dab836d3040facbe279bf8bd3e35d5d0d04dba /src/psyc/psyc_api.c
parent: 7aa06c2b3ec477136f5821f3aff406ec9cb290ad (diff)
download: gnunet-7afd744770424ea38ceb8aa41b9eb94f5c089f87.tar.gz
gnunet-7afd744770424ea38ceb8aa41b9eb94f5c089f87.zip
1 files changed, 24 insertions, 9 deletions
diff --git a/src/psyc/psyc_api.c b/src/psyc/psyc_api.c
index f74930237..9c5832293 100644
--- a/src/psyc/psyc_api.c
+++ b/src/psyc/psyc_api.c
@@ -304,7 +304,8 @@ check_channel_history_result (void *cls,
    pmsg = (struct GNUNET_PSYC_MessageHeader *) GNUNET_MQ_extract_nested_mh (res);
  uint16_t size = ntohs (res->header.size);
-  if (NULL == pmsg || size < sizeof (*res) + sizeof (*pmsg))
+  if ( (NULL == pmsg) ||
+       (size < sizeof (*res) + sizeof (*pmsg)) )
  { /* Error, message too small. */
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
@@ -320,13 +321,13 @@ handle_channel_history_result (void *cls,
  struct GNUNET_PSYC_Channel *chn = cls;
  struct GNUNET_PSYC_MessageHeader *
    pmsg = (struct GNUNET_PSYC_MessageHeader *) GNUNET_MQ_extract_nested_mh (res);
+  GNUNET_ResultCallback result_cb = NULL;
+  struct GNUNET_PSYC_HistoryRequest *hist = NULL;
  LOG (GNUNET_ERROR_TYPE_DEBUG,
       "%p Received historic fragment for message #%" PRIu64 ".\n",
-       chn, GNUNET_ntohll (pmsg->message_id));
+       chn,
+       GNUNET_ntohll (pmsg->message_id));
-  GNUNET_ResultCallback result_cb = NULL;
-  struct GNUNET_PSYC_HistoryRequest *hist = NULL;
  if (GNUNET_YES != GNUNET_OP_get (chn->op,
                                   GNUNET_ntohll (res->op_id),
@@ -349,10 +350,17 @@ check_channel_state_result (void *cls,
                            const struct GNUNET_OperationResultMessage *res)
 {
  const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);
-  uint16_t mod_size = ntohs (mod->size);
+  uint16_t mod_size;
-  uint16_t size = ntohs (res->header.size);
+  uint16_t size;
-  if (NULL == mod || size - sizeof (*res) != mod_size)
+  if (NULL == mod)
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
+  mod_size = ntohs (mod->size);
+  size = ntohs (res->header.size);
+  if (size - sizeof (*res) != mod_size)
  {
    GNUNET_break_op (0);
    return GNUNET_SYSERR;
@@ -458,6 +466,12 @@ static int
 check_master_join_request (void *cls,
                           const struct GNUNET_PSYC_JoinRequestMessage *req)
 {
+  if ( ((sizeof (*req) + sizeof (struct GNUNET_PSYC_Message)) <= ntohs (req->header.size)) &&
+       (NULL == GNUNET_MQ_extract_nested_mh (req)) )
+  {
+    GNUNET_break_op (0);
+    return GNUNET_SYSERR;
+  }
  return GNUNET_OK;
 }
@@ -477,7 +491,8 @@ handle_master_join_request (void *cls,
    join_msg = (struct GNUNET_PSYC_Message *) GNUNET_MQ_extract_nested_mh (req);
    LOG (GNUNET_ERROR_TYPE_DEBUG,
         "Received join_msg of type %u and size %u.\n",
-         ntohs (join_msg->header.type), ntohs (join_msg->header.size));
+         ntohs (join_msg->header.type),
+         ntohs (join_msg->header.size));
  }
  struct GNUNET_PSYC_JoinHandle *jh = GNUNET_malloc (sizeof (*jh));
author	Christian Grothoff <christian@grothoff.org>	2016-08-27 16:38:02 +0000
committer	Christian Grothoff <christian@grothoff.org>	2016-08-27 16:38:02 +0000
commit	7afd744770424ea38ceb8aa41b9eb94f5c089f87 (patch)
tree	21dab836d3040facbe279bf8bd3e35d5d0d04dba /src/psyc/psyc_api.c
parent	7aa06c2b3ec477136f5821f3aff406ec9cb290ad (diff)
download	gnunet-7afd744770424ea38ceb8aa41b9eb94f5c089f87.tar.gz gnunet-7afd744770424ea38ceb8aa41b9eb94f5c089f87.zip

diff --git a/src/psyc/psyc_api.c b/src/psyc/psyc_api.c index f74930237..9c5832293 100644 --- a/src/psyc/psyc_api.c +++ b/src/psyc/psyc_api.c
@@ -304,7 +304,8 @@ check_channel_history_result (void *cls,
304	pmsg = (struct GNUNET_PSYC_MessageHeader *) GNUNET_MQ_extract_nested_mh (res);	304	pmsg = (struct GNUNET_PSYC_MessageHeader *) GNUNET_MQ_extract_nested_mh (res);
305	uint16_t size = ntohs (res->header.size);	305	uint16_t size = ntohs (res->header.size);
306		306
307	if (NULL == pmsg \|\| size < sizeof (res) + sizeof (pmsg))	307	if ( (NULL == pmsg) \|\|
		308	(size < sizeof (res) + sizeof (pmsg)) )
308	{ /* Error, message too small. */	309	{ /* Error, message too small. */
309	GNUNET_break_op (0);	310	GNUNET_break_op (0);
310	return GNUNET_SYSERR;	311	return GNUNET_SYSERR;
@@ -320,13 +321,13 @@ handle_channel_history_result (void *cls,
320	struct GNUNET_PSYC_Channel *chn = cls;	321	struct GNUNET_PSYC_Channel *chn = cls;
321	struct GNUNET_PSYC_MessageHeader *	322	struct GNUNET_PSYC_MessageHeader *
322	pmsg = (struct GNUNET_PSYC_MessageHeader *) GNUNET_MQ_extract_nested_mh (res);	323	pmsg = (struct GNUNET_PSYC_MessageHeader *) GNUNET_MQ_extract_nested_mh (res);
		324	GNUNET_ResultCallback result_cb = NULL;
		325	struct GNUNET_PSYC_HistoryRequest *hist = NULL;
323		326
324	LOG (GNUNET_ERROR_TYPE_DEBUG,	327	LOG (GNUNET_ERROR_TYPE_DEBUG,
325	"%p Received historic fragment for message #%" PRIu64 ".\n",	328	"%p Received historic fragment for message #%" PRIu64 ".\n",
326	chn, GNUNET_ntohll (pmsg->message_id));	329	chn,
327		330	GNUNET_ntohll (pmsg->message_id));
328	GNUNET_ResultCallback result_cb = NULL;
329	struct GNUNET_PSYC_HistoryRequest *hist = NULL;
330		331
331	if (GNUNET_YES != GNUNET_OP_get (chn->op,	332	if (GNUNET_YES != GNUNET_OP_get (chn->op,
332	GNUNET_ntohll (res->op_id),	333	GNUNET_ntohll (res->op_id),
@@ -349,10 +350,17 @@ check_channel_state_result (void *cls,
349	const struct GNUNET_OperationResultMessage *res)	350	const struct GNUNET_OperationResultMessage *res)
350	{	351	{
351	const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);	352	const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);
352	uint16_t mod_size = ntohs (mod->size);	353	uint16_t mod_size;
353	uint16_t size = ntohs (res->header.size);	354	uint16_t size;
354		355
355	if (NULL == mod \|\| size - sizeof (*res) != mod_size)	356	if (NULL == mod)
		357	{
		358	GNUNET_break_op (0);
		359	return GNUNET_SYSERR;
		360	}
		361	mod_size = ntohs (mod->size);
		362	size = ntohs (res->header.size);
		363	if (size - sizeof (*res) != mod_size)
356	{	364	{
357	GNUNET_break_op (0);	365	GNUNET_break_op (0);
358	return GNUNET_SYSERR;	366	return GNUNET_SYSERR;
@@ -458,6 +466,12 @@ static int
458	check_master_join_request (void *cls,	466	check_master_join_request (void *cls,
459	const struct GNUNET_PSYC_JoinRequestMessage *req)	467	const struct GNUNET_PSYC_JoinRequestMessage *req)
460	{	468	{
		469	if ( ((sizeof (*req) + sizeof (struct GNUNET_PSYC_Message)) <= ntohs (req->header.size)) &&
		470	(NULL == GNUNET_MQ_extract_nested_mh (req)) )
		471	{
		472	GNUNET_break_op (0);
		473	return GNUNET_SYSERR;
		474	}
461	return GNUNET_OK;	475	return GNUNET_OK;
462	}	476	}
463		477
@@ -477,7 +491,8 @@ handle_master_join_request (void *cls,
477	join_msg = (struct GNUNET_PSYC_Message *) GNUNET_MQ_extract_nested_mh (req);	491	join_msg = (struct GNUNET_PSYC_Message *) GNUNET_MQ_extract_nested_mh (req);
478	LOG (GNUNET_ERROR_TYPE_DEBUG,	492	LOG (GNUNET_ERROR_TYPE_DEBUG,
479	"Received join_msg of type %u and size %u.\n",	493	"Received join_msg of type %u and size %u.\n",
480	ntohs (join_msg->header.type), ntohs (join_msg->header.size));	494	ntohs (join_msg->header.type),
		495	ntohs (join_msg->header.size));
481	}	496	}
482		497
483	struct GNUNET_PSYC_JoinHandle jh = GNUNET_malloc (sizeof (jh));	498	struct GNUNET_PSYC_JoinHandle jh = GNUNET_malloc (sizeof (jh));