check and limit LeaseSet's buffer size

orignal 2022-11-22 15:40:48 -05:00
parent ba3cee1cf1
commit 9e02c99db5
2 changed files with 23 additions and 10 deletions


@ -749,6 +749,11 @@ namespace data
{
const uint8_t * buf = m->GetPayload ();
size_t len = m->GetSize ();
if (len < DATABASE_STORE_HEADER_SIZE)
{
LogPrint (eLogError, "NetDb: Database store msg is too short ", len, ". Dropped");
return;
}
IdentHash ident (buf + DATABASE_STORE_KEY_OFFSET);
if (ident.IsZero ())
{
@ -759,6 +764,11 @@ namespace data
size_t offset = DATABASE_STORE_HEADER_SIZE;
if (replyToken)
{
if (len < offset + 36) // 32 + 4
{
LogPrint (eLogError, "NetDb: Database store msg with reply token is too short ", len, ". Dropped");
return;
}
auto deliveryStatus = CreateDeliveryStatusMsg (replyToken);
uint32_t tunnelID = bufbe32toh (buf + offset);
offset += 4;
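Review bot: Both added guards (`len < DATABASE_STORE_HEADER_SIZE` and `len < offset + 36`) trust `len` from `m->GetSize ()`, and nothing in these hunks shows that value being tied to the number of bytes actually present in the payload buffer; if it can be a sender-declared length, the checks bound the reads at `buf + DATABASE_STORE_KEY_OFFSET` and `buf + offset` only against what the peer claims. I would confirm that the message size is validated against the received buffer before this handler runs, and say so in a comment above `size_t len = m->GetSize ();`. Separately, the literal in `if (len < offset + 36) // 32 + 4` would read better with the fields named, e.g. `// 4-byte tunnel ID + 32-byte hash that follows`, assuming that is what the 32 bytes are. The enclosing function begins and ends outside the visible hunks.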