Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-12-27 00:19:25 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

security check for encryption key length to avoid crashing when deserialisation gives wrong numbers

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@7535 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
csoler 2014-09-14 19:23:23 +00:00
parent f3aeaea526
commit 9752fb9698
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
libretroshare/src/gxs/gxssecurity.cc
View File

@ -452,6 +452,14 @@ bool GxsSecurity::decrypt(uint8_t *& out, int & outlen, const uint8_t *in, int i
eklen = ntohl(net_ekl);
in_offset += size_net_ekl;
// Conservative limits to detect weird errors due to corrupted encoding.
//
if(eklen < 0 || eklen > 512 || eklen+in_offset > inlen)
{
std::cerr << "Error while deserialising encryption key length: eklen = " << std::dec << eklen << ". Giving up decryption." << std::endl;
return false ;
}
memcpy(ek, (unsigned char*)in + in_offset, eklen);
in_offset += eklen;