PurpleI2P/i2pd
1
0
Fork 0
mirror of https://github.com/PurpleI2P/i2pd.git synced 2025-02-02 15:14:14 +00:00
Code Issues Releases Activity

verify tag count field

Browse Source
This commit is contained in:
orignal 2014-12-07 21:00:19 -05:00
parent 5e31d6b2bd
commit 85624e4f4b
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Garlic.cpp
View File

@ -384,18 +384,24 @@ namespace garlic
i2p::tunnel::InboundTunnel * from) i2p::tunnel::InboundTunnel * from)
{ {
uint16_t tagCount = be16toh (*(uint16_t *)buf); uint16_t tagCount = be16toh (*(uint16_t *)buf);
buf += 2; buf += 2; len -= 2;
if (tagCount > 0) if (tagCount > 0)
{ {
if (tagCount*32 > len)
{
LogPrint (eLogWarning, "Tag count ", tagCount, " exceeds length ", len);
tagCount = len/32;
}
uint32_t ts = i2p::util::GetSecondsSinceEpoch (); uint32_t ts = i2p::util::GetSecondsSinceEpoch ();
for (int i = 0; i < tagCount; i++) for (int i = 0; i < tagCount; i++)
m_Tags[SessionTag(buf + i*32, ts)] = decryption; m_Tags[SessionTag(buf + i*32, ts)] = decryption;
} }
buf += tagCount*32; buf += tagCount*32;
len -= tagCount*32;
uint32_t payloadSize = be32toh (*(uint32_t *)buf); uint32_t payloadSize = be32toh (*(uint32_t *)buf);
if (payloadSize > len) if (payloadSize > len)
{ {
LogPrint ("Unexpected payload size ", payloadSize); LogPrint (eLogError, "Unexpected payload size ", payloadSize);
return; return;
} }
buf += 4; buf += 4;