From 4c8d85870b6510f39d57c44c7af2d0ebf66ef4be Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 4 Dec 2014 19:28:20 -0500 Subject: [PATCH] check identity buffer size --- AddressBook.cpp | 3 ++- Identity.cpp | 17 +++++++++++++++-- base64.cpp | 4 ++-- 3 files changed, 19 insertions(+), 5 deletions(-) diff --git a/AddressBook.cpp b/AddressBook.cpp index eac15db2..cbb1825a 100644 --- a/AddressBook.cpp +++ b/AddressBook.cpp @@ -188,7 +188,8 @@ namespace client } // if not .b32 we assume full base64 address i2p::data::IdentityEx dest; - dest.FromBase64 (address); + if (!dest.FromBase64 (address)) + return false; ident = dest.GetIdentHash (); return true; } diff --git a/Identity.cpp b/Identity.cpp index a5825da8..a616e5eb 100644 --- a/Identity.cpp +++ b/Identity.cpp @@ -157,14 +157,27 @@ namespace data size_t IdentityEx::FromBuffer (const uint8_t * buf, size_t len) { + if (len < DEFAULT_IDENTITY_SIZE) + { + LogPrint (eLogError, "Identity buffer length ", len, " is too small"); + return 0; + } memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE); delete[] m_ExtendedBuffer; if (m_StandardIdentity.certificate.length) { m_ExtendedLen = be16toh (m_StandardIdentity.certificate.length); - m_ExtendedBuffer = new uint8_t[m_ExtendedLen]; - memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen); + if (m_ExtendedLen + DEFAULT_IDENTITY_SIZE <= len) + { + m_ExtendedBuffer = new uint8_t[m_ExtendedLen]; + memcpy (m_ExtendedBuffer, buf + DEFAULT_IDENTITY_SIZE, m_ExtendedLen); + } + else + { + LogPrint (eLogError, "Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE); + return 0; + } } else { diff --git a/base64.cpp b/base64.cpp index 4c72c0c6..3d1ec07e 100644 --- a/base64.cpp +++ b/base64.cpp @@ -79,7 +79,7 @@ namespace data outCount = 4*n; else outCount = 4*(n+1); - if (outCount > len) return -1; + if (outCount > len) return 0; pd = (unsigned char *)OutBuffer; for ( i = 0; i