diff options
Diffstat (limited to 'toxcore/friend_requests.c')
| -rw-r--r-- | toxcore/friend_requests.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/toxcore/friend_requests.c b/toxcore/friend_requests.c index 469ab02d..eb2a791c 100644 --- a/toxcore/friend_requests.c +++ b/toxcore/friend_requests.c | |||
| @@ -37,10 +37,10 @@ | |||
| 37 | */ | 37 | */ |
| 38 | int send_friendrequest(Onion_Client *onion_c, uint8_t *public_key, uint32_t nospam_num, uint8_t *data, uint32_t length) | 38 | int send_friendrequest(Onion_Client *onion_c, uint8_t *public_key, uint32_t nospam_num, uint8_t *data, uint32_t length) |
| 39 | { | 39 | { |
| 40 | if (length + sizeof(nospam_num) > MAX_DATA_SIZE) | 40 | if (1 + sizeof(nospam_num) + length > ONION_CLIENT_MAX_DATA_SIZE || length == 0) |
| 41 | return -1; | 41 | return -1; |
| 42 | 42 | ||
| 43 | uint8_t temp[MAX_DATA_SIZE]; | 43 | uint8_t temp[1 + sizeof(nospam_num) + length]; |
| 44 | temp[0] = CRYPTO_PACKET_FRIEND_REQ; | 44 | temp[0] = CRYPTO_PACKET_FRIEND_REQ; |
| 45 | memcpy(temp + 1, &nospam_num, sizeof(nospam_num)); | 45 | memcpy(temp + 1, &nospam_num, sizeof(nospam_num)); |
| 46 | memcpy(temp + 1 + sizeof(nospam_num), data, length); | 46 | memcpy(temp + 1 + sizeof(nospam_num), data, length); |
| @@ -50,7 +50,7 @@ int send_friendrequest(Onion_Client *onion_c, uint8_t *public_key, uint32_t nosp | |||
| 50 | if (friend_num == -1) | 50 | if (friend_num == -1) |
| 51 | return -1; | 51 | return -1; |
| 52 | 52 | ||
| 53 | int num = send_onion_data(onion_c, friend_num, temp, 1 + sizeof(nospam_num) + length); | 53 | int num = send_onion_data(onion_c, friend_num, temp, sizeof(temp)); |
| 54 | 54 | ||
| 55 | if (num <= 0) | 55 | if (num <= 0) |
| 56 | return -1; | 56 | return -1; |
| @@ -135,20 +135,17 @@ int remove_request_received(Friend_Requests *fr, uint8_t *client_id) | |||
| 135 | 135 | ||
| 136 | static int friendreq_handlepacket(void *object, uint8_t *source_pubkey, uint8_t *packet, uint32_t length) | 136 | static int friendreq_handlepacket(void *object, uint8_t *source_pubkey, uint8_t *packet, uint32_t length) |
| 137 | { | 137 | { |
| 138 | if (length == 0) | 138 | Friend_Requests *fr = object; |
| 139 | |||
| 140 | if (length <= 1 + sizeof(fr->nospam) || length > ONION_CLIENT_MAX_DATA_SIZE) | ||
| 139 | return 1; | 141 | return 1; |
| 140 | 142 | ||
| 141 | ++packet; | 143 | ++packet; |
| 142 | --length; | 144 | --length; |
| 143 | 145 | ||
| 144 | Friend_Requests *fr = object; | ||
| 145 | |||
| 146 | if (fr->handle_friendrequest_isset == 0) | 146 | if (fr->handle_friendrequest_isset == 0) |
| 147 | return 1; | 147 | return 1; |
| 148 | 148 | ||
| 149 | if (length <= sizeof(fr->nospam)) | ||
| 150 | return 1; | ||
| 151 | |||
| 152 | if (request_received(fr, source_pubkey)) | 149 | if (request_received(fr, source_pubkey)) |
| 153 | return 1; | 150 | return 1; |
| 154 | 151 | ||
| @@ -161,11 +158,12 @@ static int friendreq_handlepacket(void *object, uint8_t *source_pubkey, uint8_t | |||
| 161 | 158 | ||
| 162 | addto_receivedlist(fr, source_pubkey); | 159 | addto_receivedlist(fr, source_pubkey); |
| 163 | 160 | ||
| 164 | uint8_t message[length - 4 + 1]; | 161 | uint32_t message_len = length - sizeof(fr->nospam); |
| 165 | memcpy(message, packet + 4, length - 4); | 162 | uint8_t message[message_len + 1]; |
| 163 | memcpy(message, packet + sizeof(fr->nospam), message_len); | ||
| 166 | message[sizeof(message) - 1] = 0; /* Be sure the message is null terminated. */ | 164 | message[sizeof(message) - 1] = 0; /* Be sure the message is null terminated. */ |
| 167 | 165 | ||
| 168 | (*fr->handle_friendrequest)(fr->handle_friendrequest_object, source_pubkey, message, length - 4, | 166 | (*fr->handle_friendrequest)(fr->handle_friendrequest_object, source_pubkey, message, message_len, |
| 169 | fr->handle_friendrequest_userdata); | 167 | fr->handle_friendrequest_userdata); |
| 170 | return 0; | 168 | return 0; |
| 171 | } | 169 | } |