Merge pull request #347 from nickodell/master

Fix bug where handle_NATping wouldn't perform bounds checking
2024-03-22 13:30:51 +08:00 · 2013-08-05 14:56:28 -07:00 · 2013-08-05 14:56:28 -07:00 · 8618662e29
commit 8618662e29
parent f0397ebb2b 84607c8937
2 changed files with 2 additions and 2 deletions
--- a/core/DHT.c
+++ b/core/DHT.c
@ -1108,7 +1108,7 @@ static int send_NATping(uint8_t * public_key, uint64_t ping_id, uint8_t type)
 static int handle_NATping(uint8_t * packet, uint32_t length, IP_Port source)
 {
    if (length < crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING 
-            && length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
+            || length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
        return 1;

    /* check if request is for us. */
--- a/core/friend_requests.c
+++ b/core/friend_requests.c
@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id)
 int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)
 {
    if (packet[0] == 32) {
-        if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING &&
+        if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING ||
            length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
            return 1;
        if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.