Fixed potential integer overflow / out-of-bounds read in rsbaseserial.cc. Also added some more error output.

csoler 2016-01-11 19:08:52 -05:00
parent 8e6998b8d9
commit 3094b52e8f


@ -40,6 +40,7 @@ bool getRawUInt8(void *data, uint32_t size, uint32_t *offset, uint8_t *out)
/* first check there is space */
if (size < *offset + 1)
{
std::cerr << "(EE) Cannot deserialise uint8_t: not enough size." << std::endl;
return false;
}
void *buf = (void *) &(((uint8_t *) data)[*offset]);
@ -56,6 +57,7 @@ bool setRawUInt8(void *data, uint32_t size, uint32_t *offset, uint8_t in)
/* first check there is space */
if (size < *offset + 1)
{
std::cerr << "(EE) Cannot serialise uint8_t: not enough size." << std::endl;
return false;
}
@ -74,6 +76,7 @@ bool getRawUInt16(void *data, uint32_t size, uint32_t *offset, uint16_t *out)
/* first check there is space */
if (size < *offset + 2)
{
std::cerr << "(EE) Cannot deserialise uint16_t: not enough size." << std::endl;
return false;
}
void *buf = (void *) &(((uint8_t *) data)[*offset]);
@ -92,6 +95,7 @@ bool setRawUInt16(void *data, uint32_t size, uint32_t *offset, uint16_t in)
/* first check there is space */
if (size < *offset + 2)
{
std::cerr << "(EE) Cannot serialise uint16_t: not enough size." << std::endl;
return false;
}
@ -114,6 +118,7 @@ bool getRawUInt32(void *data, uint32_t size, uint32_t *offset, uint32_t *out)
/* first check there is space */
if (size < *offset + 4)
{
std::cerr << "(EE) Cannot deserialise uint32_t: not enough size." << std::endl;
return false;
}
void *buf = (void *) &(((uint8_t *) data)[*offset]);
@ -132,6 +137,7 @@ bool setRawUInt32(void *data, uint32_t size, uint32_t *offset, uint32_t in)
/* first check there is space */
if (size < *offset + 4)
{
std::cerr << "(EE) Cannot serialise uint32_t: not enough size." << std::endl;
return false;
}
@ -154,6 +160,7 @@ bool getRawUInt64(void *data, uint32_t size, uint32_t *offset, uint64_t *out)
/* first check there is space */
if (size < *offset + 8)
{
std::cerr << "(EE) Cannot deserialise uint64_t: not enough size." << std::endl;
return false;
}
void *buf = (void *) &(((uint8_t *) data)[*offset]);
@ -172,6 +179,7 @@ bool setRawUInt64(void *data, uint32_t size, uint32_t *offset, uint64_t in)
/* first check there is space */
if (size < *offset + 8)
{
std::cerr << "(EE) Cannot serialise uint64_t: not enough size." << std::endl;
return false;
}
@ -231,12 +239,13 @@ bool getRawString(void *data, uint32_t size, uint32_t *offset, std::string &outS
}
/* check there is space for string */
if (size < *offset + len)
if(len > size || size-len < *offset) // better than if(size < *offset + len) because it avoids integer overflow
{
std::cerr << "getRawString() not enough size" << std::endl;
return false;
}
uint8_t *buf = &(((uint8_t *) data)[*offset]);
for (uint32_t i = 0; i < len; i++)
{
outStr += buf[i];
@ -250,11 +259,10 @@ bool setRawString(void *data, uint32_t size, uint32_t *offset, const std::string
{
uint32_t len = inStr.length();
/* first check there is space */
if (size < *offset + 4 + len)
if(size < 4 || len > size-4 || size-len-4 < *offset) // better than if(size < *offset + len + 4) because it avoids integer overflow
{
//#ifdef RSSERIAL_DEBUG
std::cerr << "setRawString() Not enough size" << std::endl;
//#endif
return false;
}
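Review bot: The fixed-width accessors (getRawUInt8/16/32/64 and setRawUInt8/16/32/64) still use the additive check `if (size < *offset + N)` that this commit replaces in getRawString and setRawString, so a `*offset` close to UINT32_MAX wraps the sum and the check passes before `data` is indexed at `*offset`. In those eight hunks the commit only adds the error message. The same subtraction form would close the gap, e.g. `if (*offset > size || size - *offset < 4)` in getRawUInt32 and setRawUInt32, with 1, 2 and 8 in the other widths. Whether any caller can reach these functions with an offset larger than size is not visible on this page, and every function body here continues outside its hunk.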