Avatar hash is now the filename of the file transfer instead of the

first 32 bytes.

Enforce the filename length in core when the transfer is an avatar-type
transfer, to make things safer.
irungentoo 2015-03-15 18:35:22 -04:00
parent 518a399eb0
commit ec659491b2
No known key found for this signature in database
GPG Key ID: 10349DC9BED89E98
4 changed files with 28 additions and 12 deletions


@ -1051,7 +1051,7 @@ static int file_sendrequest(const Messenger *m, int32_t friendnumber, uint8_t fi
* Maximum filename length is 255 bytes. * Maximum filename length is 255 bytes.
* return file number on success * return file number on success
* return -1 if friend not found. * return -1 if friend not found.
* return -2 if filename too big. * return -2 if filename length invalid.
* return -3 if no more file sending slots left. * return -3 if no more file sending slots left.
* return -4 if could not send packet (friend offline). * return -4 if could not send packet (friend offline).
* *
@ -1065,6 +1065,9 @@ long int new_filesender(const Messenger *m, int32_t friendnumber, uint32_t file_
if (filename_length > MAX_FILENAME_LENGTH) if (filename_length > MAX_FILENAME_LENGTH)
return -2; return -2;
if (file_type == FILEKIND_AVATAR && filename_length != crypto_hash_sha256_BYTES)
return -2;
uint32_t i; uint32_t i;
for (i = 0; i < MAX_CONCURRENT_FILE_PIPES; ++i) { for (i = 0; i < MAX_CONCURRENT_FILE_PIPES; ++i) {
@ -1937,9 +1940,14 @@ static int handle_packet(void *object, int i, uint8_t *temp, uint16_t len)
uint8_t filenumber = data[0]; uint8_t filenumber = data[0];
uint64_t filesize; uint64_t filesize;
uint32_t file_type; uint32_t file_type;
uint16_t filename_length = data_length - head_length;
memcpy(&file_type, data + 1, sizeof(file_type)); memcpy(&file_type, data + 1, sizeof(file_type));
file_type = ntohl(file_type); file_type = ntohl(file_type);
/* Check if the name is the right size if file is avatar. */
if (file_type == FILEKIND_AVATAR && filename_length != crypto_hash_sha256_BYTES)
break;
memcpy(&filesize, data + 1 + sizeof(uint32_t), sizeof(filesize)); memcpy(&filesize, data + 1 + sizeof(uint32_t), sizeof(filesize));
net_to_host((uint8_t *) &filesize, sizeof(filesize)); net_to_host((uint8_t *) &filesize, sizeof(filesize));
m->friendlist[i].file_receiving[filenumber].status = FILESTATUS_NOT_ACCEPTED; m->friendlist[i].file_receiving[filenumber].status = FILESTATUS_NOT_ACCEPTED;
@ -1948,16 +1956,16 @@ static int handle_packet(void *object, int i, uint8_t *temp, uint16_t len)
m->friendlist[i].file_receiving[filenumber].paused = FILE_PAUSE_NOT; m->friendlist[i].file_receiving[filenumber].paused = FILE_PAUSE_NOT;
/* Force NULL terminate file name. */ /* Force NULL terminate file name. */
uint8_t filename_terminated[data_length - head_length + 1]; uint8_t filename_terminated[filename_length + 1];
memcpy(filename_terminated, data + head_length, data_length - head_length); memcpy(filename_terminated, data + head_length, filename_length);
filename_terminated[data_length - head_length] = 0; filename_terminated[filename_length] = 0;
uint32_t real_filenumber = filenumber; uint32_t real_filenumber = filenumber;
real_filenumber += 1; real_filenumber += 1;
real_filenumber <<= 16; real_filenumber <<= 16;
if (m->file_sendrequest) if (m->file_sendrequest)
(*m->file_sendrequest)(m, i, real_filenumber, file_type, filesize, filename_terminated, data_length - head_length, (*m->file_sendrequest)(m, i, real_filenumber, file_type, filesize, filename_terminated, filename_length,
m->file_sendrequest_userdata); m->file_sendrequest_userdata);
break; break;
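Review bot: In the handle_packet hunk the receive path checks the name length only for FILEKIND_AVATAR, so for any other kind the peer-supplied `filename_length` sizes the stack array `filename_terminated[filename_length + 1]` and is handed to the client callback without the `MAX_FILENAME_LENGTH` bound that new_filesender enforces when sending. Adding `if (filename_length > MAX_FILENAME_LENGTH) break;` next to the avatar check would make both directions agree on the documented 255-byte limit. `filename_length` is also a `uint16_t` computed as `data_length - head_length`; a guard that `data_length >= head_length` is presumably above the hunk, but it is not visible here and should be confirmed, since a shorter packet would wrap the subtraction. The case body starts and ends outside the hunk.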


@ -159,6 +159,12 @@ enum {
FILECONTROL_RESUME_BROKEN FILECONTROL_RESUME_BROKEN
}; };
enum {
FILEKIND_DATA,
FILEKIND_AVATAR
};
typedef struct Messenger Messenger; typedef struct Messenger Messenger;
typedef struct { typedef struct {
@ -608,7 +614,7 @@ void callback_file_reqchunk(Messenger *m, void (*function)(Messenger *m, uint32_
* Maximum filename length is 255 bytes. * Maximum filename length is 255 bytes.
* return file number on success * return file number on success
* return -1 if friend not found. * return -1 if friend not found.
* return -2 if filename too big. * return -2 if filename length invalid.
* return -3 if no more file sending slots left. * return -3 if no more file sending slots left.
* return -4 if could not send packet (friend offline). * return -4 if could not send packet (friend offline).
* *
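Review bot: The new anonymous enum with FILEKIND_DATA and FILEKIND_AVATAR has no comment and no explicit values, although the first file's receive path compares these constants against a `file_type` read straight from the packet, which makes them wire values. I would pin them, `FILEKIND_DATA = 0,` and `FILEKIND_AVATAR = 1`, and add a comment such as `/* File kinds as sent on the wire; must stay in sync with TOX_FILE_KIND_* in tox.h. */` so a later reordering cannot silently change the protocol. The updated new_filesender comment could also spell out the avatar rule: `* return -2 if filename length invalid (over 255 bytes, or not crypto_hash_sha256_BYTES for FILEKIND_AVATAR).`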


@ -915,7 +915,7 @@ uint32_t tox_file_send(Tox *tox, uint32_t friend_number, uint32_t kind, uint64_t
return UINT32_MAX; return UINT32_MAX;
case -2: case -2:
SET_ERROR_PARAMETER(error, TOX_ERR_FILE_SEND_NAME_TOO_LONG); SET_ERROR_PARAMETER(error, TOX_ERR_FILE_SEND_NAME_INVALID_LENGTH);
return UINT32_MAX; return UINT32_MAX;
case -3: case -3:


@ -1396,7 +1396,8 @@ enum TOX_FILE_KIND {
*/ */
TOX_FILE_KIND_DATA, TOX_FILE_KIND_DATA,
/** /**
* Avatar data. This consists of tox_hash(image) + image. * Avatar filename. This consists of tox_hash(image).
* Avatar data. This consists of the image data.
* *
* Avatars can be sent at any time the client wishes. Generally, a client will * Avatars can be sent at any time the client wishes. Generally, a client will
* send the avatar to a friend when that friend comes online, and to all * send the avatar to a friend when that friend comes online, and to all
@ -1406,8 +1407,8 @@ enum TOX_FILE_KIND {
* *
* Clients who receive avatar send requests can reject it (by sending * Clients who receive avatar send requests can reject it (by sending
* TOX_FILE_CONTROL_CANCEL before any other controls), or accept it (by * TOX_FILE_CONTROL_CANCEL before any other controls), or accept it (by
* sending TOX_FILE_CONTROL_RESUME). The first chunk will contain the hash in * sending TOX_FILE_CONTROL_RESUME). The filename of length TOX_HASH_LENGTH bytes
* its first TOX_HASH_LENGTH bytes. A client can compare this hash with a * will contain the hash. A client can compare this hash with a
* saved hash and send TOX_FILE_CONTROL_CANCEL to terminate the avatar * saved hash and send TOX_FILE_CONTROL_CANCEL to terminate the avatar
* transfer if it matches. * transfer if it matches.
*/ */
@ -1551,9 +1552,10 @@ typedef enum TOX_ERR_FILE_SEND {
*/ */
TOX_ERR_FILE_SEND_NAME_EMPTY, TOX_ERR_FILE_SEND_NAME_EMPTY,
/** /**
* Filename length exceeded 255 bytes. * Filename length exceeded 255 bytes or if kind was equal to TOX_FILE_KIND_AVATAR
* the length was not TOX_HASH_LENGTH.
*/ */
TOX_ERR_FILE_SEND_NAME_TOO_LONG, TOX_ERR_FILE_SEND_NAME_INVALID_LENGTH,
/** /**
* Too many ongoing transfers. The maximum number of concurrent file transfers * Too many ongoing transfers. The maximum number of concurrent file transfers
* is 256 per friend per direction (sending and receiving). * is 256 per friend per direction (sending and receiving).
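Review bot: The TOX_FILE_KIND_AVATAR comment tells clients to compare the filename hash with a saved hash, but it does not say that this value is simply what the sender placed in the filename; judging by the core changes in this commit, only its length is checked. I would add a sentence along the lines of `The hash is supplied by the sender and is not verified by the core; clients should recompute tox_hash() over the received data before storing it under that hash.` so a peer cannot have arbitrary image data cached under a hash of its choosing. The new text for TOX_ERR_FILE_SEND_NAME_INVALID_LENGTH also reads awkwardly; `Filename length exceeded 255 bytes, or kind was TOX_FILE_KIND_AVATAR and the length was not TOX_HASH_LENGTH.` would be clearer.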