author | Sree Harsha Totakura <totakura@in.tum.de> | 2016-07-07 08:55:26 +0000 |
---|---|---|
committer | Sree Harsha Totakura <totakura@in.tum.de> | 2016-07-07 08:55:26 +0000 |
commit | ea7bfd24c3f394ee60a1f02d358c7ba88e05447c (patch) | |
tree | 387b62b1bbf0f959b5df8bc52cb6d8630987ed5e /src/testbed/testbed_api.c | |
parent | aeece360025012e270a30d4cd174a60fca30af38 (diff) | |
introduce more message parsing checks
These checks may provide hints for Coverity.
Diffstat (limited to 'src/testbed/testbed_api.c')
-rw-r--r-- | src/testbed/testbed_api.c | 33 |
1 files changed, 30 insertions, 3 deletions
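--- a/src/testbed/testbed_api.c
+++ b/src/testbed/testbed_api.c
@@ -1242,16 +1242,43 @@ handle_barrier_status (void *cls,
 emsg = NULL;
 barrier = NULL;
 msize = ntohs (msg->header.size);
+if (msize <= sizeof (struct GNUNET_TESTBED_BarrierStatusMsg))
+{
+GNUNET_break_op (0);
+goto cleanup;
+}
 name = msg->data;
 name_len = ntohs (msg->name_len);
+if (name_len >= //name_len is strlen(barrier_name)
+(msize - ((sizeof msg->header) + sizeof (msg->status)) ) )
+{
+GNUNET_break_op (0);
+goto cleanup;
+}
+if ('\0' != name[name_len])
+{
+GNUNET_break_op (0);
+goto cleanup;
+}
 LOG_DEBUG ("Received BARRIER_STATUS msg\n");
 status = ntohs (msg->status);
 if (GNUNET_TESTBED_BARRIERSTATUS_ERROR == status)
 {
 status = -1;
-emsg_len = msize - (sizeof (struct GNUNET_TESTBED_BarrierStatusMsg) + name_len
-+ 1);
-emsg = GNUNET_malloc (emsg_len + 1);
+//unlike name_len, emsg_len includes the trailing zero
+emsg_len = msize - (sizeof (struct GNUNET_TESTBED_BarrierStatusMsg)
++ (name_len + 1));
+if (0 == emsg_len)
+{
+GNUNET_break_op (0);
+goto cleanup;
+}
+if ('\0' != (msg->data[(name_len + 1) + (emsg_len - 1)]))
+{
+GNUNET_break_op (0);
+goto cleanup;
+}
+emsg = GNUNET_malloc (emsg_len);
 memcpy (emsg,
 msg->data + name_len + 1,
 emsg_len);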
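Review bot: The bound on `name_len` at new lines 1252-1253 subtracts only `(sizeof msg->header) + sizeof (msg->status)`, while the first check and the later `emsg_len` computation both use `sizeof (struct GNUNET_TESTBED_BarrierStatusMsg)`. If the struct also holds the `name_len` field ahead of `data` (the layout is not visible in this hunk), a peer-supplied `name_len` can pass this check and still let `name[name_len]` read up to two bytes past the end of the message. The same value would make the `emsg_len` subtraction wrap, which `0 == emsg_len` does not catch before `GNUNET_malloc` and `memcpy` run with that length. Comparing against the full fixed part closes both cases: `if (name_len >= msize - sizeof (struct GNUNET_TESTBED_BarrierStatusMsg))`. handle_barrier_status starts and ends outside the hunk, so the declared types of `msize`, `name_len` and `emsg_len` should be confirmed there.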