PurpleI2P
/
i2pd
mirror of https://github.com/PurpleI2P/i2pd.git
1
0
Fork 0
Code Issues Releases Activity
Browse Source

verify tag count field

pull/115/head
orignal 10 years ago
parent
5e31d6b2bd
commit
85624e4f4b
1 changed files with 8 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      Garlic.cpp

10
Garlic.cpp
Unescape View File

@ -384,18 +384,24 @@ namespace garlic
i2p::tunnel::InboundTunnel * from) i2p::tunnel::InboundTunnel * from)
{ {
uint16_t tagCount = be16toh (*(uint16_t *)buf); uint16_t tagCount = be16toh (*(uint16_t *)buf);
buf += 2; buf += 2; len -= 2;
if (tagCount > 0) if (tagCount > 0)
{ {
if (tagCount*32 > len)
{
LogPrint (eLogWarning, "Tag count ", tagCount, " exceeds length ", len);
tagCount = len/32;
}
uint32_t ts = i2p::util::GetSecondsSinceEpoch (); uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
for (int i = 0; i < tagCount; i++) for (int i = 0; i < tagCount; i++)
m_Tags[SessionTag(buf + i*32, ts)] = decryption; m_Tags[SessionTag(buf + i*32, ts)] = decryption;
} }
buf += tagCount*32; buf += tagCount*32;
len -= tagCount*32;
uint32_t payloadSize = be32toh (*(uint32_t *)buf); uint32_t payloadSize = be32toh (*(uint32_t *)buf);
if (payloadSize > len) if (payloadSize > len)
{ {
LogPrint ("Unexpected payload size ", payloadSize); LogPrint (eLogError, "Unexpected payload size ", payloadSize);
return; return;
} }
buf += 4; buf += 4;

Write Preview
Loading…
Cancel
Save