Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-14 00:49:41 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

added proper check for size w.r.t. RsSerialiser::MAX_SERIAL_SIZE before publishing GXS message, and proper handling of error if de-deserialization produces an item that is too large as well

Browse Source
This commit is contained in:
csoler 2021-01-10 20:32:30 +01:00
parent 5a1e6b8b60
commit 0f9aa519a5
1 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
libretroshare/src/gxs/rsgenexchange.cc
View File

@ -2309,7 +2309,16 @@ void RsGenExchange::publishMsgs()
uint32_t token = mit->first; uint32_t token = mit->first;
uint32_t size = mSerialiser->size(msgItem); uint32_t size = mSerialiser->size(msgItem);
char* mData = new char[size];
if(size > RsSerialiser::MAX_SERIAL_SIZE)
{
std::cerr << "Trying to publish a GXS message larger than the accepted maximal size of " << RsSerialiser::MAX_SERIAL_SIZE << " bytes. This is a bug." << std::endl;
mDataAccess->updatePublicRequestStatus(token, RsTokenService::FAILED);
delete msgItem;
continue;
}
RsTemporaryMemory mData(size);
// for fatal sign creation // for fatal sign creation
bool createOk = false; bool createOk = false;
@ -2386,9 +2395,7 @@ void RsGenExchange::publishMsgs()
// check message not over single msg storage limit // check message not over single msg storage limit
if(createOk) if(createOk)
{
validSize = mDataStore->validSize(msg); validSize = mDataStore->validSize(msg);
}
if(createOk && validSize) if(createOk && validSize)
{ {
@ -2404,11 +2411,14 @@ void RsGenExchange::publishMsgs()
// now serialise meta data // now serialise meta data
size = msg->metaData->serial_size(); size = msg->metaData->serial_size();
char* metaDataBuff = new char[size]; {
bool s = msg->metaData->serialise(metaDataBuff, &size); RsTemporaryMemory metaDataBuff(size);
s &= msg->meta.setBinData(metaDataBuff, size);
if (!s) bool s = msg->metaData->serialise(metaDataBuff, &size);
std::cerr << "(WW) Can't serialise or set bin data" << std::endl; s &= msg->meta.setBinData(metaDataBuff, size);
if (!s)
std::cerr << "(WW) Can't serialise or set bin data" << std::endl;
}
msg->metaData->mMsgStatus = GXS_SERV::GXS_MSG_STATUS_UNPROCESSED; msg->metaData->mMsgStatus = GXS_SERV::GXS_MSG_STATUS_UNPROCESSED;
msgId = msg->msgId; msgId = msg->msgId;
@ -2416,6 +2426,7 @@ void RsGenExchange::publishMsgs()
msg->metaData->recvTS = time(NULL); msg->metaData->recvTS = time(NULL);
// FIXTESTS global variable rsPeers not available in unittests! // FIXTESTS global variable rsPeers not available in unittests!
if(rsPeers) if(rsPeers)
mRoutingClues[msg->metaData->mAuthorId].insert(rsPeers->getOwnId()) ; mRoutingClues[msg->metaData->mAuthorId].insert(rsPeers->getOwnId()) ;
@ -2425,21 +2436,27 @@ void RsGenExchange::publishMsgs()
mPublishedMsgs[token] = *msg->metaData; mPublishedMsgs[token] = *msg->metaData;
RsGxsMsgItem *msg_item = dynamic_cast<RsGxsMsgItem*>(mSerialiser->deserialise(msg->msg.bin_data,&msg->msg.bin_len)) ; RsGxsMsgItem *msg_item = dynamic_cast<RsGxsMsgItem*>(mSerialiser->deserialise(msg->msg.bin_data,&msg->msg.bin_len)) ;
if(!msg_item)
{
delete msg;
mDataAccess->updatePublicRequestStatus(mit->first, RsTokenService::FAILED);
std::cerr << "RsGenExchange::publishMsgs() failed to publish msg, probably because of data size limits. bin_len=" << msg->msg.bin_len << std::endl;
continue; // next mit
}
msg_item->meta = *msg->metaData; msg_item->meta = *msg->metaData;
mDataAccess->addMsgData(msg); // msg is deleted by addMsgData() mDataAccess->addMsgData(msg); // msg is deleted by addMsgData()
msgChangeMap[grpId].push_back(msg_item); msgChangeMap[grpId].push_back(msg_item);
delete[] metaDataBuff;
if(mNetService != NULL) if(mNetService != NULL)
mNetService->stampMsgServerUpdateTS(grpId) ; mNetService->stampMsgServerUpdateTS(grpId) ;
// add to published to allow acknowledgement // add to published to allow acknowledgement
mMsgNotify.insert(std::make_pair(mit->first, std::make_pair(grpId, msgId))); mMsgNotify.insert(std::make_pair(mit->first, std::make_pair(grpId, msgId)));
mDataAccess->updatePublicRequestStatus(mit->first, RsTokenService::COMPLETE); mDataAccess->updatePublicRequestStatus(mit->first, RsTokenService::COMPLETE);
} }
else else
{ {
@ -2447,8 +2464,7 @@ void RsGenExchange::publishMsgs()
delete msg; delete msg;
if(!tryLater) if(!tryLater)
mDataAccess->updatePublicRequestStatus(mit->first, mDataAccess->updatePublicRequestStatus(mit->first, RsTokenService::FAILED);
RsTokenService::FAILED);
std::cerr << "RsGenExchange::publishMsgs() failed to publish msg " << std::endl; std::cerr << "RsGenExchange::publishMsgs() failed to publish msg " << std::endl;
} }
@ -2458,8 +2474,6 @@ void RsGenExchange::publishMsgs()
std::cerr << "RsGenExchange::publishMsgs() failed to serialise msg " << std::endl; std::cerr << "RsGenExchange::publishMsgs() failed to serialise msg " << std::endl;
} }
delete[] mData;
if(!tryLater) if(!tryLater)
delete msgItem; delete msgItem;
} }