StarMirror/toxcore
1
0
Fork 0
mirror of https://github.com/irungentoo/toxcore.git synced 2024-03-22 13:30:51 +08:00
Code Issues Projects Releases Wiki Activity

Avoid array out of bounds read in friend saving.

Browse Source 
Fixes #345.
This commit is contained in:
iphydf 2016-12-19 16:24:16 +00:00
parent c5ced9b2d8
commit 5237844877
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
toxcore/Messenger.c
View File

@ -2728,11 +2728,10 @@ static uint32_t friends_list_save(const Messenger *m, uint8_t *data)
memcpy(temp.real_pk, m->friendlist[i].real_pk, crypto_box_PUBLICKEYBYTES); memcpy(temp.real_pk, m->friendlist[i].real_pk, crypto_box_PUBLICKEYBYTES);
if (temp.status < 3) { if (temp.status < 3) {
if (m->friendlist[i].info_size > SAVED_FRIEND_REQUEST_SIZE) { const size_t friendrequest_length =
memcpy(temp.info, m->friendlist[i].info, SAVED_FRIEND_REQUEST_SIZE); MIN(m->friendlist[i].info_size,
} else { MIN(SAVED_FRIEND_REQUEST_SIZE, MAX_FRIEND_REQUEST_DATA_SIZE));
memcpy(temp.info, m->friendlist[i].info, m->friendlist[i].info_size); memcpy(temp.info, m->friendlist[i].info, friendrequest_length);
}
temp.info_size = htons(m->friendlist[i].info_size); temp.info_size = htons(m->friendlist[i].info_size);
temp.friendrequest_nospam = m->friendlist[i].friendrequest_nospam; temp.friendrequest_nospam = m->friendlist[i].friendrequest_nospam;