psyc,psycstore,social fixes

author: Gabor X Toth <*@tg-x.net> 2016-09-22 11:35:38 +0000
committer: Gabor X Toth <*@tg-x.net> 2016-09-22 11:35:38 +0000
commit: 76a029cc8d1dbf3d470079e98be1f3b7c4783ef0 (patch)
tree: 0448061d5cbfcab71265ec71b32ed83b8e591e9a /src
parent: 2f26cb57675966de7f04606fa83b0f0fc1dae46b (diff)
download: gnunet-76a029cc8d1dbf3d470079e98be1f3b7c4783ef0.tar.gz
gnunet-76a029cc8d1dbf3d470079e98be1f3b7c4783ef0.zip
3 files changed, 27 insertions, 8 deletions
diff --git a/src/psyc/psyc_api.c b/src/psyc/psyc_api.c
index 9c5832293..9769bb853 100644
--- a/src/psyc/psyc_api.c
+++ b/src/psyc/psyc_api.c
@@ -386,6 +386,11 @@ handle_channel_state_result (void *cls,
  }
  const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);
+  if (NULL == mod)
+  {
+    GNUNET_break_op (0);
+    return;
+  }
  uint16_t mod_size = ntohs (mod->size);
  switch (ntohs (mod->type))
@@ -397,9 +402,11 @@ handle_channel_state_result (void *cls,
    const char *name = (const char *) &pmod[1];
    uint16_t name_size = ntohs (pmod->name_size);
-    if ('\0' != name[name_size - 1])
+    if (0 == name_size
+        || mod_size - sizeof (*pmod) < name_size
+        || '\0' != name[name_size - 1])
    {
-      GNUNET_break (0);
+      GNUNET_break_op (0);
      return;
    }
    sr->var_cb (sr->cls, mod, name, name + name_size,
diff --git a/src/psycstore/psycstore_api.c b/src/psycstore/psycstore_api.c
index 7bbf2e3d8..480d594fc 100644
--- a/src/psycstore/psycstore_api.c
+++ b/src/psycstore/psycstore_api.c
@@ -122,7 +122,7 @@ check_result_code (void *cls, const struct OperationResult *opres)
 {
  uint16_t size = ntohs (opres->header.size);
  const char *str = (const char *) &opres[1];
-  if ( (sizeof (struct OperationResult) < size) &&
+  if ( (sizeof (*opres) < size) &&
       ('\0' != str[size - sizeof (*opres) - 1]) )
  {
    GNUNET_break (0);
@@ -244,9 +244,12 @@ static int
 check_result_state (void *cls, const struct StateResult *sres)
 {
  const char *name = (const char *) &sres[1];
+  uint16_t size = ntohs (sres->header.size);
  uint16_t name_size = ntohs (sres->name_size);
-  if (name_size <= 2 || '\0' != name[name_size - 1])
+  if (name_size <= 2
+      || size - sizeof (*sres) < name_size
+      || '\0' != name[name_size - 1])
  {
    LOG (GNUNET_ERROR_TYPE_ERROR,
         "check_result_state: Received state result message with invalid name.\n");
diff --git a/src/social/social_api.c b/src/social/social_api.c
index e34774aae..f05e437ca 100644
--- a/src/social/social_api.c
+++ b/src/social/social_api.c
@@ -657,10 +657,17 @@ check_place_state_result (void *cls,
                          const struct GNUNET_OperationResultMessage *res)
 {
  const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);
-  uint16_t mod_size = ntohs (mod->size);
+  if (NULL == mod)
-  uint16_t size = ntohs (res->header.size);
+  {
+    GNUNET_break_op (0);
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Invalid modifier in state result\n");
+    return GNUNET_SYSERR;
+  }
-  if (NULL == mod || size - sizeof (*res) != mod_size)
+  uint16_t size = ntohs (res->header.size);
+  uint16_t mod_size = ntohs (mod->size);
+  if (size - sizeof (*res) != mod_size)
  {
    GNUNET_break_op (0);
    LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -700,7 +707,9 @@ handle_place_state_result (void *cls,
    const char *name = (const char *) &pmod[1];
    uint16_t name_size = ntohs (pmod->name_size);
-    if ('\0' != name[name_size - 1])
+    if (0 == name_size
+        || mod_size - sizeof (*pmod) < name_size
+        || '\0' != name[name_size - 1])
    {
      GNUNET_break_op (0);
      LOG (GNUNET_ERROR_TYPE_WARNING,
author	Gabor X Toth <*@tg-x.net>	2016-09-22 11:35:38 +0000
committer	Gabor X Toth <*@tg-x.net>	2016-09-22 11:35:38 +0000
commit	76a029cc8d1dbf3d470079e98be1f3b7c4783ef0 (patch)
tree	0448061d5cbfcab71265ec71b32ed83b8e591e9a /src
parent	2f26cb57675966de7f04606fa83b0f0fc1dae46b (diff)
download	gnunet-76a029cc8d1dbf3d470079e98be1f3b7c4783ef0.tar.gz gnunet-76a029cc8d1dbf3d470079e98be1f3b7c4783ef0.zip