added safety check for null chunks in TlvMemBlock_proxy deserialization

2025-01-26 23:36:59 -05:00 · 2017-05-03 22:20:58 +02:00 · 2017-05-03 22:20:58 +02:00 · 214aaa7c9b
commit 214aaa7c9b
parent f006146ee4
1 changed files with 18 additions and 1 deletions
--- a/libretroshare/src/serialiser/rstypeserializer.cc
+++ b/libretroshare/src/serialiser/rstypeserializer.cc
@ -32,6 +32,7 @@
 #include <iomanip>

 static const uint32_t MAX_SERIALIZED_ARRAY_SIZE = 500 ;
+static const uint32_t MAX_SERIALIZED_CHUNK_SIZE = 10*1024*1024 ; // 10 MB.

 //=================================================================================================//
 //                                            Integer types                                        //
@ -231,9 +232,25 @@ template<> bool RsTypeSerializer::deserialize(const uint8_t data[],uint32_t size

    bool ok = deserialize<uint32_t>(data,size,offset,r.second) ;

+    if(r.second == 0)
+    {
+        r.first = NULL ;
+
+        if(!ok)
+			offset = saved_offset ;
+
+        return ok ;
+    }
+    if(r.second > MAX_SERIALIZED_CHUNK_SIZE)
+    {
+        std::cerr << "(EE) RsTypeSerializer::deserialize<TlvMemBlock_proxy>(): data chunk has size larger than safety size (" << MAX_SERIALIZED_CHUNK_SIZE << "). Item will be dropped." << std::endl;
+        offset = saved_offset ;
+        return false ;
+    }
+
    r.first = (uint8_t*)rs_malloc(r.second) ;

-    ok = ok && NULL != r.first;
+    ok = ok && (NULL != r.first);

    memcpy(r.first,&data[offset],r.second) ;
    offset += r.second ;