diff options
Diffstat (limited to 'toxcore/friend_requests.c')
-rw-r--r-- | toxcore/friend_requests.c | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/toxcore/friend_requests.c b/toxcore/friend_requests.c index 469ab02d..eb2a791c 100644 --- a/toxcore/friend_requests.c +++ b/toxcore/friend_requests.c | |||
@@ -37,10 +37,10 @@ | |||
37 | */ | 37 | */ |
38 | int send_friendrequest(Onion_Client *onion_c, uint8_t *public_key, uint32_t nospam_num, uint8_t *data, uint32_t length) | 38 | int send_friendrequest(Onion_Client *onion_c, uint8_t *public_key, uint32_t nospam_num, uint8_t *data, uint32_t length) |
39 | { | 39 | { |
40 | if (length + sizeof(nospam_num) > MAX_DATA_SIZE) | 40 | if (1 + sizeof(nospam_num) + length > ONION_CLIENT_MAX_DATA_SIZE || length == 0) |
41 | return -1; | 41 | return -1; |
42 | 42 | ||
43 | uint8_t temp[MAX_DATA_SIZE]; | 43 | uint8_t temp[1 + sizeof(nospam_num) + length]; |
44 | temp[0] = CRYPTO_PACKET_FRIEND_REQ; | 44 | temp[0] = CRYPTO_PACKET_FRIEND_REQ; |
45 | memcpy(temp + 1, &nospam_num, sizeof(nospam_num)); | 45 | memcpy(temp + 1, &nospam_num, sizeof(nospam_num)); |
46 | memcpy(temp + 1 + sizeof(nospam_num), data, length); | 46 | memcpy(temp + 1 + sizeof(nospam_num), data, length); |
@@ -50,7 +50,7 @@ int send_friendrequest(Onion_Client *onion_c, uint8_t *public_key, uint32_t nosp | |||
50 | if (friend_num == -1) | 50 | if (friend_num == -1) |
51 | return -1; | 51 | return -1; |
52 | 52 | ||
53 | int num = send_onion_data(onion_c, friend_num, temp, 1 + sizeof(nospam_num) + length); | 53 | int num = send_onion_data(onion_c, friend_num, temp, sizeof(temp)); |
54 | 54 | ||
55 | if (num <= 0) | 55 | if (num <= 0) |
56 | return -1; | 56 | return -1; |
@@ -135,20 +135,17 @@ int remove_request_received(Friend_Requests *fr, uint8_t *client_id) | |||
135 | 135 | ||
136 | static int friendreq_handlepacket(void *object, uint8_t *source_pubkey, uint8_t *packet, uint32_t length) | 136 | static int friendreq_handlepacket(void *object, uint8_t *source_pubkey, uint8_t *packet, uint32_t length) |
137 | { | 137 | { |
138 | if (length == 0) | 138 | Friend_Requests *fr = object; |
139 | |||
140 | if (length <= 1 + sizeof(fr->nospam) || length > ONION_CLIENT_MAX_DATA_SIZE) | ||
139 | return 1; | 141 | return 1; |
140 | 142 | ||
141 | ++packet; | 143 | ++packet; |
142 | --length; | 144 | --length; |
143 | 145 | ||
144 | Friend_Requests *fr = object; | ||
145 | |||
146 | if (fr->handle_friendrequest_isset == 0) | 146 | if (fr->handle_friendrequest_isset == 0) |
147 | return 1; | 147 | return 1; |
148 | 148 | ||
149 | if (length <= sizeof(fr->nospam)) | ||
150 | return 1; | ||
151 | |||
152 | if (request_received(fr, source_pubkey)) | 149 | if (request_received(fr, source_pubkey)) |
153 | return 1; | 150 | return 1; |
154 | 151 | ||
@@ -161,11 +158,12 @@ static int friendreq_handlepacket(void *object, uint8_t *source_pubkey, uint8_t | |||
161 | 158 | ||
162 | addto_receivedlist(fr, source_pubkey); | 159 | addto_receivedlist(fr, source_pubkey); |
163 | 160 | ||
164 | uint8_t message[length - 4 + 1]; | 161 | uint32_t message_len = length - sizeof(fr->nospam); |
165 | memcpy(message, packet + 4, length - 4); | 162 | uint8_t message[message_len + 1]; |
163 | memcpy(message, packet + sizeof(fr->nospam), message_len); | ||
166 | message[sizeof(message) - 1] = 0; /* Be sure the message is null terminated. */ | 164 | message[sizeof(message) - 1] = 0; /* Be sure the message is null terminated. */ |
167 | 165 | ||
168 | (*fr->handle_friendrequest)(fr->handle_friendrequest_object, source_pubkey, message, length - 4, | 166 | (*fr->handle_friendrequest)(fr->handle_friendrequest_object, source_pubkey, message, message_len, |
169 | fr->handle_friendrequest_userdata); | 167 | fr->handle_friendrequest_userdata); |
170 | return 0; | 168 | return 0; |
171 | } | 169 | } |