diff options
| author | Christian Grothoff <christian@grothoff.org> | 2011-01-13 20:41:54 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2011-01-13 20:41:54 +0000 |
| commit | e273b8d5760562499f807968139927ebcd9341dd (patch) | |
| tree | d5271e71c2a0db13e6f00b875dd1c66ab8d371d6 /src | |
| parent | 4c63d0a6ac1e343fb9123d815a13c7ca05233330 (diff) | |
| download | gnunet-e273b8d5760562499f807968139927ebcd9341dd.tar.gz gnunet-e273b8d5760562499f807968139927ebcd9341dd.zip | |
fix possible infinite loop
Diffstat (limited to 'src')
| -rw-r--r-- | src/transport/plugin_transport_udp.c | 28 |
1 files changed, 18 insertions, 10 deletions
diff --git a/src/transport/plugin_transport_udp.c b/src/transport/plugin_transport_udp.c index 169e161e2..21f2b17d7 100644 --- a/src/transport/plugin_transport_udp.c +++ b/src/transport/plugin_transport_udp.c | |||
| @@ -1255,14 +1255,14 @@ udp_plugin_server_read (void *cls, const struct GNUNET_SCHEDULER_TaskContext *tc | |||
| 1255 | * @param sockinfo which socket did we receive the message on | 1255 | * @param sockinfo which socket did we receive the message on |
| 1256 | */ | 1256 | */ |
| 1257 | static void | 1257 | static void |
| 1258 | udp_demultiplexer(struct Plugin *plugin, struct GNUNET_PeerIdentity *sender, | 1258 | udp_demultiplexer(struct Plugin *plugin, |
| 1259 | struct GNUNET_PeerIdentity *sender, | ||
| 1259 | const struct GNUNET_MessageHeader *currhdr, | 1260 | const struct GNUNET_MessageHeader *currhdr, |
| 1260 | const void *sender_addr, | 1261 | const void *sender_addr, |
| 1261 | size_t fromlen, struct UDP_Sock_Info *sockinfo) | 1262 | size_t fromlen, struct UDP_Sock_Info *sockinfo) |
| 1262 | { | 1263 | { |
| 1263 | struct UDP_NAT_ProbeMessageReply *outgoing_probe_reply; | 1264 | struct UDP_NAT_ProbeMessageReply *outgoing_probe_reply; |
| 1264 | struct UDP_NAT_ProbeMessageConfirmation *outgoing_probe_confirmation; | 1265 | struct UDP_NAT_ProbeMessageConfirmation *outgoing_probe_confirmation; |
| 1265 | |||
| 1266 | char addr_buf[INET_ADDRSTRLEN]; | 1266 | char addr_buf[INET_ADDRSTRLEN]; |
| 1267 | struct UDP_NAT_Probes *outgoing_probe; | 1267 | struct UDP_NAT_Probes *outgoing_probe; |
| 1268 | struct PeerSession *peer_session; | 1268 | struct PeerSession *peer_session; |
| @@ -1509,7 +1509,6 @@ udp_plugin_select (void *cls, | |||
| 1509 | char addr[32]; | 1509 | char addr[32]; |
| 1510 | ssize_t ret; | 1510 | ssize_t ret; |
| 1511 | int offset; | 1511 | int offset; |
| 1512 | int count; | ||
| 1513 | int tsize; | 1512 | int tsize; |
| 1514 | char *msgbuf; | 1513 | char *msgbuf; |
| 1515 | const struct GNUNET_MessageHeader *currhdr; | 1514 | const struct GNUNET_MessageHeader *currhdr; |
| @@ -1520,6 +1519,7 @@ udp_plugin_select (void *cls, | |||
| 1520 | const void *ca; | 1519 | const void *ca; |
| 1521 | size_t calen; | 1520 | size_t calen; |
| 1522 | struct UDP_Sock_Info *udp_sock; | 1521 | struct UDP_Sock_Info *udp_sock; |
| 1522 | uint16_t csize; | ||
| 1523 | 1523 | ||
| 1524 | plugin->select_task = GNUNET_SCHEDULER_NO_TASK; | 1524 | plugin->select_task = GNUNET_SCHEDULER_NO_TASK; |
| 1525 | if (tc->reason == GNUNET_SCHEDULER_REASON_SHUTDOWN) | 1525 | if (tc->reason == GNUNET_SCHEDULER_REASON_SHUTDOWN) |
| @@ -1577,7 +1577,9 @@ udp_plugin_select (void *cls, | |||
| 1577 | return; | 1577 | return; |
| 1578 | } | 1578 | } |
| 1579 | msg = (struct UDPMessage *) buf; | 1579 | msg = (struct UDPMessage *) buf; |
| 1580 | if (ntohs (msg->header.size) < sizeof (struct UDPMessage)) | 1580 | csize = ntohs (msg->header.size); |
| 1581 | if ( (csize < sizeof (struct UDPMessage)) || | ||
| 1582 | (csize > ret) ) | ||
| 1581 | { | 1583 | { |
| 1582 | GNUNET_break_op (0); | 1584 | GNUNET_break_op (0); |
| 1583 | plugin->select_task = | 1585 | plugin->select_task = |
| @@ -1590,14 +1592,20 @@ udp_plugin_select (void *cls, | |||
| 1590 | msgbuf = (char *)&msg[1]; | 1592 | msgbuf = (char *)&msg[1]; |
| 1591 | memcpy (&sender, &msg->sender, sizeof (struct GNUNET_PeerIdentity)); | 1593 | memcpy (&sender, &msg->sender, sizeof (struct GNUNET_PeerIdentity)); |
| 1592 | offset = 0; | 1594 | offset = 0; |
| 1593 | count = 0; | 1595 | tsize = csize - sizeof (struct UDPMessage); |
| 1594 | tsize = ntohs (msg->header.size) - sizeof(struct UDPMessage); | 1596 | while (offset + sizeof (struct GNUNET_MessageHeader) <= tsize) |
| 1595 | while (offset < tsize) | ||
| 1596 | { | 1597 | { |
| 1597 | currhdr = (struct GNUNET_MessageHeader *)&msgbuf[offset]; | 1598 | currhdr = (struct GNUNET_MessageHeader *)&msgbuf[offset]; |
| 1598 | udp_demultiplexer(plugin, &sender, currhdr, ca, calen, udp_sock); | 1599 | csize = ntohs (currhdr->size); |
| 1599 | offset += ntohs(currhdr->size); | 1600 | if ( (csize < sizeof (struct GNUNET_MessageHeader)) || |
| 1600 | count++; | 1601 | (csize > tsize - offset) ) |
| 1602 | { | ||
| 1603 | GNUNET_break_op (0); | ||
| 1604 | break; | ||
| 1605 | } | ||
| 1606 | udp_demultiplexer(plugin, &sender, currhdr, | ||
| 1607 | ca, calen, udp_sock); | ||
| 1608 | offset += csize; | ||
| 1601 | } | 1609 | } |
| 1602 | plugin->select_task = | 1610 | plugin->select_task = |
| 1603 | GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT, | 1611 | GNUNET_SCHEDULER_add_select (GNUNET_SCHEDULER_PRIORITY_DEFAULT, |