Merge pull request #347 from nickodell/master

Fix bug where handle_NATping wouldn't perform bounds checking
irungentoo 2013-08-05 14:56:28 -07:00
commit 8618662e29
2 changed files with 2 additions and 2 deletions


@ -1108,7 +1108,7 @@ static int send_NATping(uint8_t * public_key, uint64_t ping_id, uint8_t type)
static int handle_NATping(uint8_t * packet, uint32_t length, IP_Port source) static int handle_NATping(uint8_t * packet, uint32_t length, IP_Port source)
{ {
if (length < crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING if (length < crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING
&& length > MAX_DATA_SIZE + ENCRYPTION_PADDING) || length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
return 1; return 1;
/* check if request is for us. */ /* check if request is for us. */
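Review bot: The lower bound in this check is looser than the one in friendreq_handlepacket, the other check touched by this commit: it uses `<` and has no `+ 1`, so a packet of exactly `crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + ENCRYPTION_PADDING` bytes is accepted. If NAT-ping packets carry the same leading type byte as friend requests (likely, but the parsing code is outside the hunk), that minimum leaves no room for the type byte or any payload, and a later read at a fixed offset into `packet` could go past `length`. Consider starting the condition with `if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING`, and add a short comment above it listing the fields the minimum accounts for. The body of handle_NATping continues outside the hunk, so the exact offsets should be confirmed there.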


@ -104,7 +104,7 @@ static int request_recieved(uint8_t * client_id)
int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source) int friendreq_handlepacket(uint8_t * packet, uint32_t length, IP_Port source)
{ {
if (packet[0] == 32) { if (packet[0] == 32) {
if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING && if (length <= crypto_box_PUBLICKEYBYTES * 2 + crypto_box_NONCEBYTES + 1 + ENCRYPTION_PADDING ||
length > MAX_DATA_SIZE + ENCRYPTION_PADDING) length > MAX_DATA_SIZE + ENCRYPTION_PADDING)
return 1; return 1;
if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us. if (memcmp(packet + 1, self_public_key, crypto_box_PUBLICKEYBYTES) == 0) {// check if request is for us.
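Review bot: `packet[0]` is read on the first line of the body, before `length` has been checked at all, so a zero-length datagram is dereferenced ahead of the bounds check this commit corrects. Unless every caller guarantees `length >= 1` (not visible here), add `if (length == 0) return 1;` before `if (packet[0] == 32) {`, or hoist the length check above the type test. The literal `32` would also read better as a named constant for the packet type. The function body continues past the end of the hunk.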