Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-28 00:49:28 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixed potential integer overflow / Out of bounds read in rsturtleitems.cc

Browse Source
This commit is contained in:
csoler 2016-01-11 20:40:57 -05:00
parent 6e9d96efd8
commit 8e666fcec3
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libretroshare/src/turtle/rsturtleitem.cc
View File

@ -286,17 +286,17 @@ RsTurtleRegExpSearchRequestItem::RsTurtleRegExpSearchRequestItem(void *data,uint
expr._tokens.resize(n) ; expr._tokens.resize(n) ;
for(uint32_t i=0;i<n;++i) ok &= getRawUInt8(data,pktsize,&offset,&expr._tokens[i]) ; for(uint32_t i=0;i<n && ok;++i) ok &= getRawUInt8(data,pktsize,&offset,&expr._tokens[i]) ;
ok &= getRawUInt32(data,pktsize,&offset,&n) ; ok &= getRawUInt32(data,pktsize,&offset,&n) ;
expr._ints.resize(n) ; expr._ints.resize(n) ;
for(uint32_t i=0;i<n;++i) ok &= getRawUInt32(data,pktsize,&offset,&expr._ints[i]) ; for(uint32_t i=0;i<n && ok;++i) ok &= getRawUInt32(data,pktsize,&offset,&expr._ints[i]) ;
ok &= getRawUInt32(data,pktsize,&offset,&n) ; ok &= getRawUInt32(data,pktsize,&offset,&n) ;
expr._strings.resize(n) ; expr._strings.resize(n) ;
for(uint32_t i=0;i<n;++i) ok &= GetTlvString(data, pktsize, &offset, TLV_TYPE_STR_VALUE, expr._strings[i]); for(uint32_t i=0;i<n && ok;++i) ok &= GetTlvString(data, pktsize, &offset, TLV_TYPE_STR_VALUE, expr._strings[i]);
#ifdef WINDOWS_SYS // No Exceptions in Windows compile. (drbobs). #ifdef WINDOWS_SYS // No Exceptions in Windows compile. (drbobs).
UNREFERENCED_LOCAL_VARIABLE(rssize); UNREFERENCED_LOCAL_VARIABLE(rssize);
@ -531,6 +531,9 @@ RsTurtleGenericDataItem::RsTurtleGenericDataItem(void *data,uint32_t pktsize)
uint32_t offset = 8; // skip the header uint32_t offset = 8; // skip the header
uint32_t rssize = getRsItemSize(data); uint32_t rssize = getRsItemSize(data);
if(rssize > pktsize)
throw std::runtime_error("RsTurtleTunnelOkItem::() wrong rssize (exceeds pktsize).") ;
/* add mandatory parts first */ /* add mandatory parts first */
bool ok = true ; bool ok = true ;
@ -540,6 +543,10 @@ RsTurtleGenericDataItem::RsTurtleGenericDataItem(void *data,uint32_t pktsize)
#ifdef P3TURTLE_DEBUG #ifdef P3TURTLE_DEBUG
std::cerr << " request_id=" << (void*)request_id << ", tunnel_id=" << (void*)tunnel_id << std::endl ; std::cerr << " request_id=" << (void*)request_id << ", tunnel_id=" << (void*)tunnel_id << std::endl ;
#endif #endif
if(data_size > rssize || rssize - data_size < offset)
throw std::runtime_error("RsTurtleTunnelOkItem::() wrong data_size (exceeds rssize).") ;
data_bytes = malloc(data_size) ; data_bytes = malloc(data_size) ;
if(data_bytes != NULL) if(data_bytes != NULL)