author | Coren[m] <Break@Ocean> | 2013-09-16 09:40:47 +0200 |
---|---|---|
committer | Coren[m] <Break@Ocean> | 2013-09-16 09:40:47 +0200 |
commit | a069f67ab30c24d9ab0df61814941a12e5e0da34 (patch) | |
tree | 3bc4e52a27ab3f391dbc7fd3193cda294dfbb983 /toxcore | |
parent | 57d10f0a805b606c6f2df81879f71de0ed09dd96 (diff) |
additional length >= size checks
Messenger.c:
- additional size checks
- removed one pointless copying of data, instead using it directly
util.c:
- lost a newline vs. master
Diffstat (limited to 'toxcore')
-rw-r--r-- | toxcore/Messenger.c | 23 | ||||
-rw-r--r-- | toxcore/util.c | 1 |
2 files changed, 13 insertions, 11 deletions
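--- a/toxcore/Messenger.c
+++ b/toxcore/Messenger.c
@@ -1393,6 +1393,9 @@ static int Messenger_load_old(Messenger *m, uint8_t *data, uint32_t length)
 length -= sizeof(nospam);
 
 uint32_t size;
+if (length < sizeof(size))
+return -1;
+
 memcpy(&size, data, sizeof(size));
 data += sizeof(size);
 length -= sizeof(size);
@@ -1419,24 +1422,22 @@ static int Messenger_load_old(Messenger *m, uint8_t *data, uint32_t length)
 
 if (!(size % sizeof(Friend))) {
 uint16_t num = size / sizeof(Friend);
-Friend temp[num];
-memcpy(temp, data, size);
+Friend *friend_list = (Friend *)data;
 
 uint32_t i;
-
 for (i = 0; i < num; ++i) {
-if (temp[i].status >= 3) {
-int fnum = m_addfriend_norequest(m, temp[i].client_id);
-setfriendname(m, fnum, temp[i].name, temp[i].name_length);
+if (friend_list[i].status >= 3) {
+int fnum = m_addfriend_norequest(m, friend_list[i].client_id);
+setfriendname(m, fnum, friend_list[i].name, friend_list[i].name_length);
 /* set_friend_statusmessage(fnum, temp[i].statusmessage, temp[i].statusmessage_length); */
-} else if (temp[i].status != 0) {
+} else if (friend_list[i].status != 0) {
 /* TODO: This is not a good way to do this. */
 uint8_t address[FRIEND_ADDRESS_SIZE];
-memcpy(address, temp[i].client_id, crypto_box_PUBLICKEYBYTES);
-memcpy(address + crypto_box_PUBLICKEYBYTES, &(temp[i].friendrequest_nospam), sizeof(uint32_t));
+memcpy(address, friend_list[i].client_id, crypto_box_PUBLICKEYBYTES);
+memcpy(address + crypto_box_PUBLICKEYBYTES, &(friend_list[i].friendrequest_nospam), sizeof(uint32_t));
 uint16_t checksum = address_checksum(address, FRIEND_ADDRESS_SIZE - sizeof(checksum));
 memcpy(address + crypto_box_PUBLICKEYBYTES + sizeof(uint32_t), &checksum, sizeof(checksum));
-m_addfriend(m, address, temp[i].info, temp[i].info_size);
+m_addfriend(m, address, friend_list[i].info, friend_list[i].info_size);
 }
 }
 }
@@ -1453,7 +1454,7 @@ static int Messenger_load_old(Messenger *m, uint8_t *data, uint32_t length)
 data += sizeof(small_size);
 length -= sizeof(small_size);
 
-if (length != small_size)
+if (length < small_size)
 return -1;
 
 setname(m, data, small_size);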
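Review bot: In the second hunk, `Friend *friend_list = (Friend *)data;` reads structs through a `uint8_t *` that has already been advanced past the nospam and size fields, so the records are not guaranteed to be aligned for `Friend`; that is undefined behaviour and can fault on strict-alignment targets. The removed `memcpy` avoided this, and copying one record per iteration keeps that guarantee without the variable-length array: `Friend f; memcpy(&f, data + i * sizeof(Friend), sizeof(Friend));`. The fields `name_length` and `info_size` also come straight from the saved data and are passed to `setfriendname` and `m_addfriend`; unless those callees bound them (not visible here), they should be checked against the array sizes in `Friend` before use. The check that `size` fits within `length` lies outside these hunks, as do the start and end of `Messenger_load_old`.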
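--- a/toxcore/util.c
+++ b/toxcore/util.c
@@ -13,6 +13,7 @@
 
 /* for CLIENT_ID_SIZE */
 #include "DHT.h"
+
 #include "util.h"
 
 uint64_t now()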