PurpleI2P/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-01-23 17:34:21 +00:00
Code Issues Releases Activity

#343. check for malformed messages

Browse Source
This commit is contained in:
orignal 2016-02-02 11:55:38 -05:00
parent 4ced1e5075
commit 64b2a32c9a
5 changed files with 38 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Identity.cpp
View File

@ -199,7 +199,7 @@ namespace data
} }
memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE); memcpy (&m_StandardIdentity, buf, DEFAULT_IDENTITY_SIZE);
delete[] m_ExtendedBuffer; delete[] m_ExtendedBuffer; m_ExtendedBuffer = nullptr;
m_ExtendedLen = bufbe16toh (m_StandardIdentity.certificate + 1); m_ExtendedLen = bufbe16toh (m_StandardIdentity.certificate + 1);
if (m_ExtendedLen) if (m_ExtendedLen)
{ {
@ -211,6 +211,7 @@ namespace data
else else
{ {
LogPrint (eLogError, "Identity: Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE); LogPrint (eLogError, "Identity: Certificate length ", m_ExtendedLen, " exceeds buffer length ", len - DEFAULT_IDENTITY_SIZE);
m_ExtendedLen = 0;
return 0; return 0;
} }
} }

13
LeaseSet.cpp
View File

@ -85,13 +85,24 @@ namespace data
if (readIdentity || !m_Identity) if (readIdentity || !m_Identity)
m_Identity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen); m_Identity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen);
size_t size = m_Identity->GetFullLen (); size_t size = m_Identity->GetFullLen ();
if (size > m_BufferLen)
{
LogPrint (eLogError, "LeaseSet: identity length ", size, " exceeds buffer size ", m_BufferLen);
m_IsValid = false;
return;
}
memcpy (m_EncryptionKey, m_Buffer + size, 256); memcpy (m_EncryptionKey, m_Buffer + size, 256);
size += 256; // encryption key size += 256; // encryption key
size += m_Identity->GetSigningPublicKeyLen (); // unused signing key size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
uint8_t num = m_Buffer[size]; uint8_t num = m_Buffer[size];
size++; // num size++; // num
LogPrint (eLogDebug, "LeaseSet: read num=", (int)num); LogPrint (eLogDebug, "LeaseSet: read num=", (int)num);
if (!num) m_IsValid = false; if (!num || num > MAX_NUM_LEASES)
{
LogPrint (eLogError, "LeaseSet: incorrect number of leases", (int)num);
m_IsValid = false;
return;
}
// process leases // process leases
const uint8_t * leases = m_Buffer + size; const uint8_t * leases = m_Buffer + size;

3
LeaseSet.h
View File

@ -31,7 +31,8 @@ namespace data
} }
}; };
const int MAX_LS_BUFFER_SIZE = 3072; const int MAX_LS_BUFFER_SIZE = 3072;
const uint8_t MAX_NUM_LEASES = 16;
class LeaseSet: public RoutingDestination class LeaseSet: public RoutingDestination
{ {
public: public:

28
RouterInfo.cpp
View File

@ -81,7 +81,7 @@ namespace data
{ {
s.seekg (0,std::ios::end); s.seekg (0,std::ios::end);
m_BufferLen = s.tellg (); m_BufferLen = s.tellg ();
if (m_BufferLen < 40) if (m_BufferLen < 40 || m_BufferLen > MAX_RI_BUFFER_SIZE)
{ {
LogPrint(eLogError, "RouterInfo: File", m_FullPath, " is malformed"); LogPrint(eLogError, "RouterInfo: File", m_FullPath, " is malformed");
return false; return false;
@ -109,13 +109,25 @@ namespace data
{ {
m_RouterIdentity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen); m_RouterIdentity = std::make_shared<IdentityEx>(m_Buffer, m_BufferLen);
size_t identityLen = m_RouterIdentity->GetFullLen (); size_t identityLen = m_RouterIdentity->GetFullLen ();
if (identityLen >= m_BufferLen)
{
LogPrint (eLogError, "RouterInfo: identity length ", identityLen, " exceeds buffer size ", m_BufferLen);
m_IsUnreachable = true;
return;
}
std::stringstream str (std::string ((char *)m_Buffer + identityLen, m_BufferLen - identityLen)); std::stringstream str (std::string ((char *)m_Buffer + identityLen, m_BufferLen - identityLen));
ReadFromStream (str); ReadFromStream (str);
if (!str)
{
LogPrint (eLogError, "RouterInfo: malformed message");
m_IsUnreachable = true;
return;
}
if (verifySignature) if (verifySignature)
{ {
// verify signature // verify signature
int l = m_BufferLen - m_RouterIdentity->GetSignatureLen (); int l = m_BufferLen - m_RouterIdentity->GetSignatureLen ();
if (!m_RouterIdentity->Verify ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l)) if (l < 0 || !m_RouterIdentity->Verify ((uint8_t *)m_Buffer, l, (uint8_t *)m_Buffer + l))
{ {
LogPrint (eLogError, "RouterInfo: signature verification failed"); LogPrint (eLogError, "RouterInfo: signature verification failed");
m_IsUnreachable = true; m_IsUnreachable = true;
@ -130,7 +142,7 @@ namespace data
m_Timestamp = be64toh (m_Timestamp); m_Timestamp = be64toh (m_Timestamp);
// read addresses // read addresses
uint8_t numAddresses; uint8_t numAddresses;
s.read ((char *)&numAddresses, sizeof (numAddresses)); s.read ((char *)&numAddresses, sizeof (numAddresses)); if (!s) return;
bool introducers = false; bool introducers = false;
for (int i = 0; i < numAddresses; i++) for (int i = 0; i < numAddresses; i++)
{ {
@ -149,7 +161,7 @@ namespace data
address.port = 0; address.port = 0;
address.mtu = 0; address.mtu = 0;
uint16_t size, r = 0; uint16_t size, r = 0;
s.read ((char *)&size, sizeof (size)); s.read ((char *)&size, sizeof (size)); if (!s) return;
size = be16toh (size); size = be16toh (size);
while (r < size) while (r < size)
{ {
@ -214,17 +226,18 @@ namespace data
else if (!strcmp (key, "ikey")) else if (!strcmp (key, "ikey"))
Base64ToByteStream (value, strlen (value), introducer.iKey, 32); Base64ToByteStream (value, strlen (value), introducer.iKey, 32);
} }
if (!s) return;
} }
if (isValidAddress) if (isValidAddress)
m_Addresses.push_back(address); m_Addresses.push_back(address);
} }
// read peers // read peers
uint8_t numPeers; uint8_t numPeers;
s.read ((char *)&numPeers, sizeof (numPeers)); s.read ((char *)&numPeers, sizeof (numPeers)); if (!s) return;
s.seekg (numPeers*32, std::ios_base::cur); // TODO: read peers s.seekg (numPeers*32, std::ios_base::cur); // TODO: read peers
// read properties // read properties
uint16_t size, r = 0; uint16_t size, r = 0;
s.read ((char *)&size, sizeof (size)); s.read ((char *)&size, sizeof (size)); if (!s) return;
size = be16toh (size); size = be16toh (size);
while (r < size) while (r < size)
{ {
@ -250,6 +263,7 @@ namespace data
LogPrint (eLogError, "Unexpected netid=", value); LogPrint (eLogError, "Unexpected netid=", value);
m_IsUnreachable = true; m_IsUnreachable = true;
} }
if (!s) return;
} }
if (!m_SupportedTransports || !m_Addresses.size() || (UsesIntroducer () && !introducers)) if (!m_SupportedTransports || !m_Addresses.size() || (UsesIntroducer () && !introducers))

2
RouterInfo.h
View File

@ -182,7 +182,7 @@ namespace data
std::string m_FullPath; std::string m_FullPath;
std::shared_ptr<const IdentityEx> m_RouterIdentity; std::shared_ptr<const IdentityEx> m_RouterIdentity;
uint8_t * m_Buffer; uint8_t * m_Buffer;
int m_BufferLen; size_t m_BufferLen;
uint64_t m_Timestamp; uint64_t m_Timestamp;
std::vector<Address> m_Addresses; std::vector<Address> m_Addresses;
std::map<std::string, std::string> m_Properties; std::map<std::string, std::string> m_Properties;