Fix buffer over-read when a peer leaves a conference

Fixes 1598 -- thanks to peirick for reporting the bug.
zugz (tox) 2020-05-20 00:00:01 +00:00 committed by iphydf
parent 57b0651ffd
commit f12347dfec
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9


@ -2663,6 +2663,10 @@ static void handle_message_packet_group(Group_Chats *g_c, uint32_t groupnumber,
return;
}
uint8_t real_pk[CRYPTO_PUBLIC_KEY_SIZE];
get_friendcon_public_keys(real_pk, nullptr, g_c->fr_c, g->connections[connection_index].number);
const bool direct_from_sender = id_equal(g->group[index].real_pk, real_pk);
switch (message_id) {
case GROUP_MESSAGE_PING_ID:
break;
@ -2759,11 +2763,7 @@ static void handle_message_packet_group(Group_Chats *g_c, uint32_t groupnumber,
* back. When the sender only has one group connection (e.g. because there
* are only two peers in the group), this is the only way for them to
* receive their own message. */
uint8_t real_pk[CRYPTO_PUBLIC_KEY_SIZE];
get_friendcon_public_keys(real_pk, nullptr, g_c->fr_c, g->connections[connection_index].number);
bool relay_back = id_equal(g->group[index].real_pk, real_pk);
send_message_all_connections(g_c, g, data, length, relay_back ? -1 : connection_index);
send_message_all_connections(g_c, g, data, length, direct_from_sender ? -1 : connection_index);
}
static int g_handle_packet(void *object, int friendcon_id, const uint8_t *data, uint16_t length, void *userdata)
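Review bot: The return value of `get_friendcon_public_keys` is still ignored where `direct_from_sender` is now computed ahead of the `switch`, so if that lookup fails `real_pk` is left uninitialised and `id_equal` compares indeterminate stack bytes against the peer key. Assuming the function reports failure with a non-zero return, fold the check into the flag: `const bool direct_from_sender = get_friendcon_public_keys(real_pk, nullptr, g_c->fr_c, g->connections[connection_index].number) == 0 && id_equal(g->group[index].real_pk, real_pk);`. The new lines also need a comment recording why they sit before the `switch`, e.g. `/* Must be evaluated before the switch: a case below may remove the peer, after which g->group[index] is no longer valid. */`, so that a later cleanup does not move the lookup back next to its only use. The switch body and the rest of handle_message_packet_group lie outside the hunks, so the peer-removal path is inferred from the commit title rather than visible here.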