StarMirror/toxcore
1
0
Fork 0
mirror of https://github.com/irungentoo/toxcore.git synced 2024-03-22 13:30:51 +08:00
Code Issues Projects Releases Wiki Activity

fix: Fix a stack overflow triggered by small DHT packets.

Browse Source 
This isn't in production yet. It's in the new announce store code. The
problem was that a negative plain_len was converted to unsigned, which
made it a very large number.
This commit is contained in:
iphydf 2022-04-04 08:07:31 +00:00
parent 2c06ef6ad4
commit 7a4cc107c0
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9
3 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
other/bootstrap_daemon/docker/tox-bootstrapd.sha256
View File

@ -1 +1 @@
139fe825b90c022bbefd3837c2a427ab9215be3ca62144ea7ff12ae7389c78ba /usr/local/bin/tox-bootstrapd
37e68ca853cd8b01b26c8d8c61d1db6546c08ed294f5650b691b7aadaf47ee18 /usr/local/bin/tox-bootstrapd

2
toxcore/DHT.c
View File

@ -1079,7 +1079,7 @@ static int handle_data_search_response(void *object, const IP_Port *source,
const int32_t plain_len = (int32_t)length - (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE);
if (plain_len < CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t)) {
if (plain_len < (int32_t)(CRYPTO_PUBLIC_KEY_SIZE + sizeof(uint64_t))) {
return 1;
}

2
toxcore/announce.c
View File

@ -544,7 +544,7 @@ static int create_reply(Announcements *announce, const IP_Port *source,
{
const int plain_len = (int)length - (1 + CRYPTO_PUBLIC_KEY_SIZE + CRYPTO_NONCE_SIZE + CRYPTO_MAC_SIZE);
if (plain_len < sizeof(uint64_t)) {
if (plain_len < (int)sizeof(uint64_t)) {
return -1;
}