mirror of
https://github.com/PurpleI2P/i2pd.git
synced 2025-02-06 15:04:17 +00:00
check for buffer overflow during flood
This commit is contained in:
orignal
parent
ef4dc3cbc9
commit
4242c86d40
10
NetDb.cpp
10
NetDb.cpp
@ -478,8 +478,11 @@ namespace data
|
|||||||
uint8_t * payload = floodMsg->GetPayload ();
|
uint8_t * payload = floodMsg->GetPayload ();
|
||||||
memcpy (payload, buf, 33); // key + type
|
memcpy (payload, buf, 33); // key + type
|
||||||
htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0); // zero reply token
|
htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0); // zero reply token
|
||||||
memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + offset, len - offset);
|
auto msgLen = len - offset;
|
||||||
floodMsg->len += DATABASE_STORE_HEADER_SIZE + len -offset;
|
floodMsg->len += DATABASE_STORE_HEADER_SIZE + msgLen;
|
||||||
|
if (floodMsg->len < floodMsg->maxLen)
|
||||||
|
{
|
||||||
|
memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + offset, msgLen);
|
||||||
floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore);
|
floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore);
|
||||||
std::set<IdentHash> excluded;
|
std::set<IdentHash> excluded;
|
||||||
for (int i = 0; i < 3; i++)
|
for (int i = 0; i < 3; i++)
|
||||||
@ -489,6 +492,9 @@ namespace data
|
|||||||
transports.SendMessage (floodfill->GetIdentHash (), floodMsg);
|
transports.SendMessage (floodfill->GetIdentHash (), floodMsg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
LogPrint (eLogError, "Database store message is too long ", floodMsg->len);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (buf[DATABASE_STORE_TYPE_OFFSET]) // type
|
if (buf[DATABASE_STORE_TYPE_OFFSET]) // type
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user