Browse Source

Merge pull request #1950 from Vort/term_fix

fix termination block processing and size check
pull/1951/head
orignal 1 year ago committed by GitHub
parent
commit
5e97b54d1b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 2
      libi2pd/NTCP2.cpp
  2. 9
      libi2pd/SSU2Session.cpp

2
libi2pd/NTCP2.cpp

@ -884,7 +884,7 @@ namespace transport @@ -884,7 +884,7 @@ namespace transport
auto size = bufbe16toh (frame + offset);
offset += 2;
LogPrint (eLogDebug, "NTCP2: Block type ", (int)blk, " of size ", size);
if (size > len)
if (offset + size > len)
{
LogPrint (eLogError, "NTCP2: Unexpected block length ", size);
break;

9
libi2pd/SSU2Session.cpp

@ -1486,7 +1486,7 @@ namespace transport @@ -1486,7 +1486,7 @@ namespace transport
auto size = bufbe16toh (buf + offset);
offset += 2;
LogPrint (eLogDebug, "SSU2: Block type ", (int)blk, " of size ", size);
if (size > len)
if (offset + size > len)
{
LogPrint (eLogError, "SSU2: Unexpected block length ", size);
break;
@ -1532,7 +1532,9 @@ namespace transport @@ -1532,7 +1532,9 @@ namespace transport
break;
case eSSU2BlkTermination:
{
uint8_t rsn = buf[11]; // reason
if (size >= 9)
{
uint8_t rsn = buf[offset + 8]; // reason
LogPrint (eLogDebug, "SSU2: Termination reason=", (int)rsn);
if (IsEstablished () && rsn != eSSU2TerminationReasonTerminationReceived)
RequestTermination (eSSU2TerminationReasonTerminationReceived);
@ -1542,6 +1544,9 @@ namespace transport @@ -1542,6 +1544,9 @@ namespace transport
m_State = eSSU2SessionStateClosingConfirmed;
Done ();
}
}
else
LogPrint(eLogWarning, "SSU2: Unexpected termination block size ", size);
break;
}
case eSSU2BlkRelayRequest:

Loading…
Cancel
Save