Diffstat (limited to 'toxcore/Messenger.c')
-rw-r--r--toxcore/Messenger.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/toxcore/Messenger.c b/toxcore/Messenger.c
index 83aaf19b..911c92da 100644
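--- a/toxcore/Messenger.c
+++ b/toxcore/Messenger.c
@@ -1051,7 +1051,7 @@ static int file_sendrequest(const Messenger *m, int32_t friendnumber, uint8_t fi
 * Maximum filename length is 255 bytes.
 * return file number on success
 * return -1 if friend not found.
-* return -2 if filename too big.
+* return -2 if filename length invalid.
 * return -3 if no more file sending slots left.
 * return -4 if could not send packet (friend offline).
 *
@@ -1065,6 +1065,9 @@ long int new_filesender(const Messenger *m, int32_t friendnumber, uint32_t file_
 if (filename_length > MAX_FILENAME_LENGTH)
 return -2;
 
+if (file_type == FILEKIND_AVATAR && filename_length != crypto_hash_sha256_BYTES)
+return -2;
+
 uint32_t i;
 
 for (i = 0; i < MAX_CONCURRENT_FILE_PIPES; ++i) {
@@ -1937,9 +1940,14 @@ static int handle_packet(void *object, int i, uint8_t *temp, uint16_t len)
 uint8_t filenumber = data[0];
 uint64_t filesize;
 uint32_t file_type;
+uint16_t filename_length = data_length - head_length;
 memcpy(&file_type, data + 1, sizeof(file_type));
 file_type = ntohl(file_type);
 
+/* Check if the name is the right size if file is avatar. */
+if (file_type == FILEKIND_AVATAR && filename_length != crypto_hash_sha256_BYTES)
+break;
+
 memcpy(&filesize, data + 1 + sizeof(uint32_t), sizeof(filesize));
 net_to_host((uint8_t *) &filesize, sizeof(filesize));
 m->friendlist[i].file_receiving[filenumber].status = FILESTATUS_NOT_ACCEPTED;
@@ -1948,16 +1956,16 @@ static int handle_packet(void *object, int i, uint8_t *temp, uint16_t len)
 m->friendlist[i].file_receiving[filenumber].paused = FILE_PAUSE_NOT;
 
 /* Force NULL terminate file name. */
-uint8_t filename_terminated[data_length - head_length + 1];
-memcpy(filename_terminated, data + head_length, data_length - head_length);
-filename_terminated[data_length - head_length] = 0;
+uint8_t filename_terminated[filename_length + 1];
+memcpy(filename_terminated, data + head_length, filename_length);
+filename_terminated[filename_length] = 0;
 
 uint32_t real_filenumber = filenumber;
 real_filenumber += 1;
 real_filenumber <<= 16;
 
 if (m->file_sendrequest)
-(*m->file_sendrequest)(m, i, real_filenumber, file_type, filesize, filename_terminated, data_length - head_length,
+(*m->file_sendrequest)(m, i, real_filenumber, file_type, filesize, filename_terminated, filename_length,
 m->file_sendrequest_userdata);
 
 break;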
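Review bot: The receive path in handle_packet validates filename_length only for FILEKIND_AVATAR, so for every other file kind the peer-supplied length still sizes the stack array `filename_terminated[filename_length + 1]` without the `MAX_FILENAME_LENGTH` bound that new_filesender enforces on the sending side. Adding `if (filename_length > MAX_FILENAME_LENGTH) break;` next to the avatar check would make both directions agree and keep the variable-length array small. The new `uint16_t filename_length = data_length - head_length;` would also wrap to a large value if data_length were smaller than head_length; a guard for that may exist above the hunk, but it is not visible here. handle_packet starts and ends outside these hunks, so both points should be confirmed against the full case body.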