Added length checks

This commit is contained in:
Maxim Biro 2013-08-07 20:23:48 -04:00
parent f669b28a6c
commit b6a3f2b403

View File

@ -541,6 +541,8 @@ static void doFriends(void)
break; break;
} }
case PACKET_ID_STATUSMESSAGE: { case PACKET_ID_STATUSMESSAGE: {
if (len < 2)
break;
uint8_t *status = calloc(MIN(len - 1, MAX_STATUSMESSAGE_LENGTH), 1); uint8_t *status = calloc(MIN(len - 1, MAX_STATUSMESSAGE_LENGTH), 1);
memcpy(status, temp + 1, MIN(len - 1, MAX_STATUSMESSAGE_LENGTH)); memcpy(status, temp + 1, MIN(len - 1, MAX_STATUSMESSAGE_LENGTH));
if (friend_statusmessagechange_isset) if (friend_statusmessagechange_isset)
@ -550,6 +552,8 @@ static void doFriends(void)
break; break;
} }
case PACKET_ID_USERSTATUS: { case PACKET_ID_USERSTATUS: {
if (len != 2)
break;
USERSTATUS status = *(temp + 1); USERSTATUS status = *(temp + 1);
if (friend_userstatuschange_isset) if (friend_userstatuschange_isset)
friend_userstatuschange(i, status); friend_userstatuschange(i, status);