From de29abb05cf1be0ad09d5c277e4aa701761fb16d Mon Sep 17 00:00:00 2001 From: orignal Date: Mon, 15 Aug 2016 13:12:56 -0400 Subject: [PATCH] check string buffer size --- RouterInfo.cpp | 43 +++++++++++++++++++++++-------------------- RouterInfo.h | 4 ++-- 2 files changed, 25 insertions(+), 22 deletions(-) diff --git a/RouterInfo.cpp b/RouterInfo.cpp index 625db5cb..130355b8 100644 --- a/RouterInfo.cpp +++ b/RouterInfo.cpp @@ -163,7 +163,7 @@ namespace data s.read ((char *)&address.cost, sizeof (address.cost)); s.read ((char *)&address.date, sizeof (address.date)); char transportStyle[5]; - ReadString (transportStyle, s); + ReadString (transportStyle, 5, s); if (!strcmp (transportStyle, "NTCP")) address.transportStyle = eTransportNTCP; else if (!strcmp (transportStyle, "SSU")) @@ -177,10 +177,10 @@ namespace data size = be16toh (size); while (r < size) { - char key[500], value[500]; - r += ReadString (key, s); + char key[255], value[255]; + r += ReadString (key, 255, s); s.seekg (1, std::ios_base::cur); r++; // = - r += ReadString (value, s); + r += ReadString (value, 255, s); s.seekg (1, std::ios_base::cur); r++; // ; if (!strcmp (key, "host")) { @@ -257,16 +257,10 @@ namespace data size = be16toh (size); while (r < size) { -#ifdef _WIN32 - char key[500], value[500]; - // TODO: investigate why properties get read as one long string under Windows - // length should not be more than 44 -#else - char key[50], value[50]; -#endif - r += ReadString (key, s); + char key[255], value[255]; + r += ReadString (key, 255, s); s.seekg (1, std::ios_base::cur); r++; // = - r += ReadString (value, s); + r += ReadString (value, 255, s); s.seekg (1, std::ios_base::cur); r++; // ; m_Properties[key] = value; @@ -542,16 +536,25 @@ namespace data return true; } - size_t RouterInfo::ReadString (char * str, std::istream& s) + size_t RouterInfo::ReadString (char * str, size_t len, std::istream& s) const { - uint8_t len; - s.read ((char *)&len, 1); - s.read (str, len); - str[len] = 0; - return len+1; + uint8_t l; + s.read ((char *)&l, 1); + if (l < len) + { + s.read (str, l); + str[l] = 0; + } + else + { + LogPrint (eLogWarning, "RouterInfo: string length ", (int)l, " exceeds buffer size ", len); + s.seekg (l, std::ios::cur); // skip + str[0] = 0; + } + return l+1; } - void RouterInfo::WriteString (const std::string& str, std::ostream& s) + void RouterInfo::WriteString (const std::string& str, std::ostream& s) const { uint8_t len = str.size (); s.write ((char *)&len, 1); diff --git a/RouterInfo.h b/RouterInfo.h index 16937b5b..f4c077ef 100644 --- a/RouterInfo.h +++ b/RouterInfo.h @@ -188,8 +188,8 @@ namespace data void ReadFromStream (std::istream& s); void ReadFromBuffer (bool verifySignature); void WriteToStream (std::ostream& s) const; - static size_t ReadString (char* str, std::istream& s); - static void WriteString (const std::string& str, std::ostream& s); + size_t ReadString (char* str, size_t len, std::istream& s) const; + void WriteString (const std::string& str, std::ostream& s) const; void ExtractCaps (const char * value); std::shared_ptr GetAddress (TransportStyle s, bool v4only, bool v6only = false) const; void UpdateCapsProperty ();