
libi2pd: fix undefined behaviour and memory overruns

This fixes the following issues (flagged by cppcheck):
[libi2pd/ECIESX25519AEADRatchetSession.cpp:537]: (error) Buffer is accessed out of bounds: m_NSREncodedKey
[libi2pd/Identity.cpp:22]: (error) Buffer is accessed out of bounds: keys.publicKey
[libi2pd/Identity.cpp:22]: (error) Buffer is accessed out of bounds: publicKey
[libi2pd/NetDb.cpp:70] -> [libi2pd/NetDb.cpp:69]: (error) Iterator 'it' used after element has been erased
[libi2pd/SSUData.cpp:186] -> [libi2pd/SSUData.cpp:187]: (warning) Shifting 32-bit value by 63 bits is undefined behaviour.
pull/1701/head
Simon Vetter 3 years ago
parent
commit
a348e10620
  1. 2
      libi2pd/ECIESX25519AEADRatchetSession.cpp
  2. 3
      libi2pd/Identity.cpp
  3. 2
      libi2pd/NetDb.cpp
  4. 2
      libi2pd/SSUData.cpp

2
libi2pd/ECIESX25519AEADRatchetSession.cpp

@ -534,7 +534,7 @@ namespace garlic
LogPrint (eLogError, "Garlic: Can't encode elligator"); LogPrint (eLogError, "Garlic: Can't encode elligator");
return false; return false;
} }
memcpy (m_NSREncodedKey, out + offset, 56); // for possible next NSR memcpy (m_NSREncodedKey, out + offset, 32); // for possible next NSR
memcpy (m_NSRH, m_H, 32); memcpy (m_NSRH, m_H, 32);
offset += 32; offset += 32;
// KDF for Reply Key Section // KDF for Reply Key Section
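Review bot: The corrected copy length on the `memcpy (m_NSREncodedKey, out + offset, 32)` line is a bare constant that has to stay in step with both the member's declared size and the `offset += 32` two lines below; writing it as `memcpy (m_NSREncodedKey, out + offset, sizeof (m_NSREncodedKey));` ties the length to the destination so the overrun cppcheck flagged cannot return if the array is ever resized. That assumes m_NSREncodedKey is declared as a plain fixed-size array rather than a pointer, which the hunk does not show, so confirm against the header. If the member is indeed 32 bytes, the old 56-byte copy wrote 24 bytes past it into whatever follows in the session object, so this fix removes a silent corruption of neighbouring state rather than only a lint warning. The enclosing function starts and ends outside the hunk.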

3
libi2pd/Identity.cpp

@ -19,7 +19,8 @@ namespace data
Identity& Identity::operator=(const Keys& keys) Identity& Identity::operator=(const Keys& keys)
{ {
// copy public and signing keys together // copy public and signing keys together
memcpy (publicKey, keys.publicKey, sizeof (publicKey) + sizeof (signingKey)); memcpy (publicKey, keys.publicKey, sizeof (publicKey));
memcpy (signingKey, keys.signingKey, sizeof (signingKey));
memset (certificate, 0, sizeof (certificate)); memset (certificate, 0, sizeof (certificate));
return *this; return *this;
} }
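Review bot: The comment `// copy public and signing keys together` above the two memcpy calls is now stale: the change splits the copy precisely so that it no longer relies on publicKey and signingKey being adjacent with no padding, which the old `sizeof (publicKey) + sizeof (signingKey)` copy silently assumed. Suggest `// copy public and signing keys separately; they need not be contiguous in either struct`. Each memcpy now assumes the corresponding member of Keys is at least as large as the destination array; if Keys and Identity declare those arrays independently, a `static_assert (sizeof (keys.publicKey) == sizeof (publicKey), "key size mismatch");` (and the same for signingKey) would pin that at compile time, but both declarations are outside the hunk, so verify before adding.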

2
libi2pd/NetDb.cpp

@ -66,8 +66,8 @@ namespace data
if (it != m_RouterInfos.end ()) if (it != m_RouterInfos.end ())
{ {
// remove own router // remove own router
m_RouterInfos.erase (it);
m_Floodfills.remove (it->second); m_Floodfills.remove (it->second);
m_RouterInfos.erase (it);
} }
// insert own router // insert own router
m_RouterInfos.emplace (i2p::context.GetIdentHash (), i2p::context.GetSharedRouterInfo ()); m_RouterInfos.emplace (i2p::context.GetIdentHash (), i2p::context.GetSharedRouterInfo ());
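Review bot: The reordered lines are correct but nothing in the hunk records why the order matters: `m_Floodfills.remove (it->second)` dereferences `it`, so `m_RouterInfos.erase (it)` must come after it, and a future tidy-up could easily swap them back. A one-line comment on the remove line, `// must read it->second before erase() invalidates it`, would prevent that. The enclosing function starts and ends outside the hunk, so whether any lock guards these two containers here is not visible.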

2
libi2pd/SSUData.cpp

@ -185,7 +185,7 @@ namespace transport
auto& incompleteMessage = it->second; auto& incompleteMessage = it->second;
// mark fragment as received // mark fragment as received
if (fragmentNum < 64) if (fragmentNum < 64)
incompleteMessage->receivedFragmentsBits |= (0x01 << fragmentNum); incompleteMessage->receivedFragmentsBits |= (uint64_t(0x01) << fragmentNum);
else else
LogPrint (eLogWarning, "SSU: Fragment number ", fragmentNum, " exceeds 64"); LogPrint (eLogWarning, "SSU: Fragment number ", fragmentNum, " exceeds 64");
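Review bot: The widened shift on the `receivedFragmentsBits |= (uint64_t(0x01) << fragmentNum)` line only fixes the truncation if receivedFragmentsBits is itself a 64-bit type; if it is still 32 bits the high bits are dropped again on assignment, and its declaration is outside the hunk, so confirm. The warning text on the else branch, `" exceeds 64"`, is off by one for the first rejected value (fragmentNum == 64); `" must be below 64"` matches the guard. If fragmentNum is a signed type, a negative value passes `fragmentNum < 64` and the shift is undefined behaviour again, so the guard may need `fragmentNum >= 0 &&` or fragmentNum should be unsigned. The enclosing function starts and ends outside the hunk.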
