Merge pull request #347 from nickodell/master

Fix bug where handle_NATping wouldn't perform bounds checking
author: irungentoo <irungentoo@gmail.com> 2013-08-05 14:56:28 -0700
committer: irungentoo <irungentoo@gmail.com> 2013-08-05 14:56:28 -0700
commit: 8618662e29a49c9412e296a1d7c6749e944431e5 (patch)
tree: 4faa5c0a8ac0716df0d5badd7357d4cfb0af64bf
parent: f0397ebb2b85100e2ac1b2d3a377ba012ab53240 (diff)
parent: 84607c893799ebab736336267c58b12d4fd5b037 (diff)
2 files changed, 2 insertions, 2 deletions
diff --git a/core/DHT.c b/core/DHT.c
index 6375b86b..f6c48a6d 100644
--- a/core/DHT.c
+++ b/core/DHT.c
@@ -1108,7 +1108,7 @@ static int send_NATping(uint8_t * public_key, uint64_t ping_id, uint8_t type)
 static int handle_NATping(uint8_t * packet, uint32_t length, IP_Port source)
 {
    if (length < crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING 
-            && length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
+            || length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
        return 1;
    /* check if request is for us. */
diff --git a/core/friend_requests.c b/core/friend_requests.c
index f1ffb8d0..5550b662 100644
--- a/core/friend_requests.c
+++ b/core/friend_requests.c
@@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id)
 int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)
 {
    if (packet[0] == 32) {
-        if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
+        if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING ||
            length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
            return 1;
        if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.
author	irungentoo <irungentoo@gmail.com>	2013-08-05 14:56:28 -0700
committer	irungentoo <irungentoo@gmail.com>	2013-08-05 14:56:28 -0700
commit	8618662e29a49c9412e296a1d7c6749e944431e5 (patch)
tree	4faa5c0a8ac0716df0d5badd7357d4cfb0af64bf
parent	f0397ebb2b85100e2ac1b2d3a377ba012ab53240 (diff)
parent	84607c893799ebab736336267c58b12d4fd5b037 (diff)

diff --git a/core/DHT.c b/core/DHT.c index 6375b86b..f6c48a6d 100644 --- a/core/DHT.c +++ b/core/DHT.c
@@ -1108,7 +1108,7 @@ static int send_NATping(uint8_t * public_key, uint64_t ping_id, uint8_t type)
1108	static int handle_NATping(uint8_t * packet, uint32_t length, IP_Port source)	1108	static int handle_NATping(uint8_t * packet, uint32_t length, IP_Port source)
1109	{	1109	{
1110	if (length < crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING	1110	if (length < crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING
1111	&& length > MAX_DATA_SIZE + ENCRYPTION_PADDING)	1111	\|\| length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
1112	return 1;	1112	return 1;
1113		1113
1114	/* check if request is for us. */	1114	/* check if request is for us. */


diff --git a/core/friend_requests.c b/core/friend_requests.c index f1ffb8d0..5550b662 100644 --- a/core/friend_requests.c +++ b/core/friend_requests.c
@@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id)
104	int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)	104	int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)
105	{	105	{
106	if (packet[0] == 32) {	106	if (packet[0] == 32) {
107	if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&	107	if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING \|\|
108	length > MAX_DATA_SIZE + ENCRYPTION_PADDING)	108	length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
109	return 1;	109	return 1;
110	if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.	110	if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.