diff options
| author | Maxim Biro <nurupo.contributions@gmail.com> | 2013-08-07 20:23:48 -0400 |
|---|---|---|
| committer | Maxim Biro <nurupo.contributions@gmail.com> | 2013-08-07 20:23:48 -0400 |
| commit | b6a3f2b403ba8a2ee28921420081225176fe2783 (patch) | |
| tree | 3e7df3452ba76d7164faddbeca8476242caed498 /core/Messenger.c | |
| parent | f669b28a6ca3e7a0fc2fc7d5cb8e73dacea3866f (diff) | |
Added length checks
Diffstat (limited to 'core/Messenger.c')
| -rw-r--r-- | core/Messenger.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/core/Messenger.c b/core/Messenger.c index f1d8b35e..b1050230 100644 --- a/core/Messenger.c +++ b/core/Messenger.c | |||
| @@ -541,6 +541,8 @@ static void doFriends(void) | |||
| 541 | break; | 541 | break; |
| 542 | } | 542 | } |
| 543 | case PACKET_ID_STATUSMESSAGE: { | 543 | case PACKET_ID_STATUSMESSAGE: { |
| 544 | if (len < 2) | ||
| 545 | break; | ||
| 544 | uint8_t *status = calloc(MIN(len - 1, MAX_STATUSMESSAGE_LENGTH), 1); | 546 | uint8_t *status = calloc(MIN(len - 1, MAX_STATUSMESSAGE_LENGTH), 1); |
| 545 | memcpy(status, temp + 1, MIN(len - 1, MAX_STATUSMESSAGE_LENGTH)); | 547 | memcpy(status, temp + 1, MIN(len - 1, MAX_STATUSMESSAGE_LENGTH)); |
| 546 | if (friend_statusmessagechange_isset) | 548 | if (friend_statusmessagechange_isset) |
| @@ -550,6 +552,8 @@ static void doFriends(void) | |||
| 550 | break; | 552 | break; |
| 551 | } | 553 | } |
| 552 | case PACKET_ID_USERSTATUS: { | 554 | case PACKET_ID_USERSTATUS: { |
| 555 | if (len != 2) | ||
| 556 | break; | ||
| 553 | USERSTATUS status = *(temp + 1); | 557 | USERSTATUS status = *(temp + 1); |
| 554 | if (friend_userstatuschange_isset) | 558 | if (friend_userstatuschange_isset) |
| 555 | friend_userstatuschange(i, status); | 559 | friend_userstatuschange(i, status); |