Fix bug where friendreq_handlepacket did not do bounds checking

author: Nick ODell <nickodell@gmail.com> 2013-08-05 14:54:53 -0600
committer: Nick ODell <nickodell@gmail.com> 2013-08-05 14:54:53 -0600
commit: 84607c893799ebab736336267c58b12d4fd5b037 (patch)
tree: 4faa5c0a8ac0716df0d5badd7357d4cfb0af64bf /core/friend_requests.c
parent: 9364db9effb37a44e4de8166c00af00e5320c803 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/core/friend_requests.c b/core/friend_requests.c
index f1ffb8d0..5550b662 100644
--- a/core/friend_requests.c
+++ b/core/friend_requests.c
@@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id)
 int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)
 {
    if (packet[0] == 32) {
-        if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
+        if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING ||
            length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
            return 1;
        if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.
author	Nick ODell <nickodell@gmail.com>	2013-08-05 14:54:53 -0600
committer	Nick ODell <nickodell@gmail.com>	2013-08-05 14:54:53 -0600
commit	84607c893799ebab736336267c58b12d4fd5b037 (patch)
tree	4faa5c0a8ac0716df0d5badd7357d4cfb0af64bf /core/friend_requests.c
parent	9364db9effb37a44e4de8166c00af00e5320c803 (diff)

diff --git a/core/friend_requests.c b/core/friend_requests.c index f1ffb8d0..5550b662 100644 --- a/core/friend_requests.c +++ b/core/friend_requests.c
@@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id)
104	int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)	104	int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)
105	{	105	{
106	if (packet[0] == 32) {	106	if (packet[0] == 32) {
107	if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&	107	if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING \|\|
108	length > MAX_DATA_SIZE + ENCRYPTION_PADDING)	108	length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
109	return 1;	109	return 1;
110	if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.	110	if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.