diff options
| -rw-r--r-- | toxcore/Messenger.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/toxcore/Messenger.c b/toxcore/Messenger.c index 621f7130..f97a3320 100644 --- a/toxcore/Messenger.c +++ b/toxcore/Messenger.c | |||
| @@ -808,18 +808,16 @@ void doFriends(Messenger *m) | |||
| 808 | } | 808 | } |
| 809 | 809 | ||
| 810 | case PACKET_ID_STATUSMESSAGE: { | 810 | case PACKET_ID_STATUSMESSAGE: { |
| 811 | if (data_length == 0) | 811 | if (data_length == 0 || data_length > MAX_STATUSMESSAGE_LENGTH) |
| 812 | break; | 812 | break; |
| 813 | 813 | ||
| 814 | uint8_t *status = calloc(MIN(data_length, MAX_STATUSMESSAGE_LENGTH), 1); | 814 | data[data_length - 1] = 0; /* Make sure the NULL terminator is present. */ |
| 815 | memcpy(status, data, MIN(data_length, MAX_STATUSMESSAGE_LENGTH)); | ||
| 816 | 815 | ||
| 817 | if (m->friend_statusmessagechange) | 816 | if (m->friend_statusmessagechange) |
| 818 | m->friend_statusmessagechange(m, i, status, MIN(data_length, MAX_STATUSMESSAGE_LENGTH), | 817 | m->friend_statusmessagechange(m, i, data, data_length, |
| 819 | m->friend_statuschange_userdata); | 818 | m->friend_statuschange_userdata); |
| 820 | 819 | ||
| 821 | set_friend_statusmessage(m, i, status, MIN(data_length, MAX_STATUSMESSAGE_LENGTH)); | 820 | set_friend_statusmessage(m, i, data, data_length); |
| 822 | free(status); | ||
| 823 | break; | 821 | break; |
| 824 | } | 822 | } |
| 825 | 823 | ||
| @@ -839,9 +837,15 @@ void doFriends(Messenger *m) | |||
| 839 | case PACKET_ID_MESSAGE: { | 837 | case PACKET_ID_MESSAGE: { |
| 840 | uint8_t *message_id = data; | 838 | uint8_t *message_id = data; |
| 841 | uint8_t message_id_length = 4; | 839 | uint8_t message_id_length = 4; |
| 840 | |||
| 841 | if (data_length <= message_id_length) | ||
| 842 | break; | ||
| 843 | |||
| 842 | uint8_t *message = data + message_id_length; | 844 | uint8_t *message = data + message_id_length; |
| 843 | uint16_t message_length = data_length - message_id_length; | 845 | uint16_t message_length = data_length - message_id_length; |
| 844 | 846 | ||
| 847 | message[message_length - 1] = 0;/* Make sure the NULL terminator is present. */ | ||
| 848 | |||
| 845 | if (m->friendlist[i].receives_read_receipts) { | 849 | if (m->friendlist[i].receives_read_receipts) { |
| 846 | write_cryptpacket_id(m, i, PACKET_ID_RECEIPT, message_id, message_id_length); | 850 | write_cryptpacket_id(m, i, PACKET_ID_RECEIPT, message_id, message_id_length); |
| 847 | } | 851 | } |
| @@ -853,6 +857,11 @@ void doFriends(Messenger *m) | |||
| 853 | } | 857 | } |
| 854 | 858 | ||
| 855 | case PACKET_ID_ACTION: { | 859 | case PACKET_ID_ACTION: { |
| 860 | if (data_length == 0) | ||
| 861 | break; | ||
| 862 | |||
| 863 | data[data_length - 1] = 0;/* Make sure the NULL terminator is present. */ | ||
| 864 | |||
| 856 | if (m->friend_action) | 865 | if (m->friend_action) |
| 857 | (*m->friend_action)(m, i, data, data_length, m->friend_action_userdata); | 866 | (*m->friend_action)(m, i, data, data_length, m->friend_action_userdata); |
| 858 | 867 | ||