author | lurchi <lurchi@strangeplace.net> | 2018-01-07 22:34:39 +0100 |
---|---|---|
committer | lurchi <lurchi@strangeplace.net> | 2018-01-07 22:34:39 +0100 |
commit | 0120859e1ea2f0591602f446d4bc054e9230c801 (patch) | |
tree | bf4d650b43ba10e2f387f29682f2349730dc27fe /src/social | |
parent | 5f9face21a6ca311247c4f11a1f015691673cc9a (diff) | |
download | gnunet-0120859e1ea2f0591602f446d4bc054e9230c801.tar.gz gnunet-0120859e1ea2f0591602f446d4bc054e9230c801.zip |
more size checking; tokenize only after size check
Diffstat (limited to 'src/social')
-rw-r--r-- | src/social/gnunet-service-social.c | 36 |
1 files changed, 27 insertions, 9 deletions
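--- a/src/social/gnunet-service-social.c
+++ b/src/social/gnunet-service-social.c
@@ -1393,8 +1393,7 @@ msg_proc_parse (const struct MsgProcRequest *mpreq,
 struct GNUNET_HashCode *method_hash)
 {
 ssize_t method_size = ntohs (mpreq->header.size) - sizeof (*mpreq);
-uint16_t offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &mpreq[1],
-method_size, 1, method_prefix);
+uint16_t offset;
 
 if (method_size < 0)
 {
@@ -1402,6 +1401,11 @@ msg_proc_parse (const struct MsgProcRequest *mpreq,
 "MsgProcRequest has invalid size\n");
 return GNUNET_SYSERR;
 }
+
+offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &mpreq[1],
+method_size,
+1,
+method_prefix);
 if (0 == offset || offset != method_size || *method_prefix == NULL)
 {
 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
@@ -2147,20 +2151,34 @@ handle_client_app_connect (void *cls,
 {
 struct Client *c = cls;
 struct GNUNET_SERVICE_Client *client = c->client;
-
-uint8_t app_id_size = ntohs (creq->header.size) - sizeof (*creq);
+ssize_t app_id_size = ntohs (creq->header.size) - sizeof (*creq);
 const char *app_id = NULL;
-uint16_t offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &creq[1],
-app_id_size, 1, &app_id);
+uint16_t offset;
+
+if (app_id_size < 0)
+{
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"AppConnectRequest has invalid size\n");
+GNUNET_break (0);
+GNUNET_SERVICE_client_drop (client);
+return;
+}
+
+offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &creq[1],
+(size_t) app_id_size,
+1,
+&app_id);
 if (0 == offset || offset != app_id_size)
 {
+GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+"AppConnectRequest contains invalid app ID\n");
 GNUNET_break (0);
 GNUNET_SERVICE_client_drop (client);
 return;
 }
 
 struct GNUNET_HashCode app_id_hash;
-GNUNET_CRYPTO_hash (app_id, app_id_size, &app_id_hash);
+GNUNET_CRYPTO_hash (app_id, (size_t) app_id_size, &app_id_hash);
 
 GNUNET_CONTAINER_multihashmap_iterate (egos, ego_entry, client);
 app_notify_ego_end (client);
@@ -2185,8 +2203,8 @@ handle_client_app_connect (void *cls,
 GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
 "%p Application %s connected.\n", app, app_id);
 
-c->app_id = GNUNET_malloc (app_id_size);
-GNUNET_memcpy (c->app_id, app_id, app_id_size);
+c->app_id = GNUNET_malloc ((size_t) app_id_size);
+GNUNET_memcpy (c->app_id, app_id, (size_t) app_id_size);
 
 GNUNET_SERVICE_client_continue (client);
 }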
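Review bot: The new `if (app_id_size < 0)` guard in handle_client_app_connect (and the existing `method_size < 0` one in msg_proc_parse) depends on an unsigned wrap: `ntohs (creq->header.size) - sizeof (*creq)` is evaluated in `size_t`, so a short message yields a huge value that turns negative only through the implementation-defined conversion to `ssize_t`. Testing the wire length before subtracting states the intent directly and does not lean on that conversion, e.g. `if (ntohs (creq->header.size) < sizeof (*creq))`. The `(size_t)` casts are also applied only in handle_client_app_connect; msg_proc_parse still passes the signed `method_size` to GNUNET_STRINGS_buffer_tokenize, so one style should be chosen for both. Both function bodies begin outside the visible hunks.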