PurpleI2P/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-29 19:24:14 +00:00
Code Issues Releases Activity

check for buffer overflow during flood

Browse Source
This commit is contained in:
orignal 2015-12-31 17:09:04 -05:00
parent ef4dc3cbc9
commit 4242c86d40
1 changed files with 15 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
NetDb.cpp
View File

@ -478,16 +478,22 @@ namespace data
uint8_t * payload = floodMsg->GetPayload (); uint8_t * payload = floodMsg->GetPayload ();
memcpy (payload, buf, 33); // key + type memcpy (payload, buf, 33); // key + type
htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0); // zero reply token htobe32buf (payload + DATABASE_STORE_REPLY_TOKEN_OFFSET, 0); // zero reply token
memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + offset, len - offset); auto msgLen = len - offset;
floodMsg->len += DATABASE_STORE_HEADER_SIZE + len -offset; floodMsg->len += DATABASE_STORE_HEADER_SIZE + msgLen;
floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore); if (floodMsg->len < floodMsg->maxLen)
std::set<IdentHash> excluded; {
for (int i = 0; i < 3; i++) memcpy (payload + DATABASE_STORE_HEADER_SIZE, buf + offset, msgLen);
{ floodMsg->FillI2NPMessageHeader (eI2NPDatabaseStore);
auto floodfill = GetClosestFloodfill (ident, excluded); std::set<IdentHash> excluded;
if (floodfill) for (int i = 0; i < 3; i++)
transports.SendMessage (floodfill->GetIdentHash (), floodMsg); {
auto floodfill = GetClosestFloodfill (ident, excluded);
if (floodfill)
transports.SendMessage (floodfill->GetIdentHash (), floodMsg);
}
} }
else
LogPrint (eLogError, "Database store message is too long ", floodMsg->len);
} }
} }