limited the number of packets to be parsed in a row, to prevent compressed data to contain an enormous number of packets. Fixes one possible attack pointed out by HM

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7013 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-01-14 19:58:55 +00:00
parent 9eaea5de12
commit 2d64e3f540

View File

@ -3229,19 +3229,26 @@ void example()
*/
int ops_parse(ops_parse_info_t *pinfo)
{
int r;
unsigned long pktlen;
{
int r;
unsigned long pktlen;
int n_packets = 0 ;
do
// Parse until we get a return code of 0 (error) or -1 (EOF)
{
r=ops_parse_one_packet(pinfo,&pktlen);
} while (r > 0);
do
// Parse until we get a return code of 0 (error) or -1 (EOF)
{
r=ops_parse_one_packet(pinfo,&pktlen);
return pinfo->errors ? 0 : 1;
return r == -1 ? 0 : 1;
}
if(++n_packets > 100)
{
fprintf(stderr,"More than 100 packets parsed in a row. This is likely to be a buggy certificate.") ;
return 0 ;
}
} while (r > 0);
return pinfo->errors ? 0 : 1;
return r == -1 ? 0 : 1;
}
/**
\ingroup Core_ReadPackets