mirror
/
MeshCore
mirror of https://github.com/meshcore-dev/MeshCore
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Validate path length against max path size

pull/1855/head
Wessel Nieboer 4 months ago
parent
8c0d5c5b24
commit
bd4160b5ed
No known key found for this signature in database GPG Key ID: 929C8E45E33B5FD2
2 changed files with 7 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      examples/simple_repeater/MyMesh.cpp
  2. 6
      src/Packet.cpp

3
examples/simple_repeater/MyMesh.cpp
View File

@ -151,6 +151,7 @@ uint8_t MyMesh::handleAnonRegionsReq(const mesh::Identity& sender, uint32_t send
reply_path_hash_size = (*data >> 6) + 1;
data++;
if (reply_path_len * reply_path_hash_size > MAX_PATH_SIZE) return 0;
memcpy(reply_path, data, ((uint8_t)reply_path_len) * reply_path_hash_size);
// data += (uint8_t)reply_path_len * reply_path_hash_size;
@ -170,6 +171,7 @@ uint8_t MyMesh::handleAnonOwnerReq(const mesh::Identity& sender, uint32_t sender
reply_path_hash_size = (*data >> 6) + 1;
data++;
if (reply_path_len * reply_path_hash_size > MAX_PATH_SIZE) return 0;
memcpy(reply_path, data, ((uint8_t)reply_path_len) * reply_path_hash_size);
// data += (uint8_t)reply_path_len * reply_path_hash_size;
@ -190,6 +192,7 @@ uint8_t MyMesh::handleAnonClockReq(const mesh::Identity& sender, uint32_t sender
reply_path_hash_size = (*data >> 6) + 1;
data++;
if (reply_path_len * reply_path_hash_size > MAX_PATH_SIZE) return 0;
memcpy(reply_path, data, ((uint8_t)reply_path_len) * reply_path_hash_size);
// data += (uint8_t)reply_path_len * reply_path_hash_size;

6
src/Packet.cpp
View File

@ -22,7 +22,7 @@ size_t Packet::writePath(uint8_t* dest, const uint8_t* src, uint8_t path_len) {
uint8_t hash_size = (path_len >> 6) + 1;
size_t len = hash_count*hash_size;
if (len > MAX_PATH_SIZE) {
MESH_DEBUG_PRINTLN("Packet::copyPath, invalid path_len=%d", (uint32_t)path_len);
MESH_DEBUG_PRINTLN("Packet::writePath, invalid path_len=%d", (uint32_t)path_len);
return 0; // Error
}
memcpy(dest, src, len);
@ -30,7 +30,9 @@ size_t Packet::writePath(uint8_t* dest, const uint8_t* src, uint8_t path_len) {
}
uint8_t Packet::copyPath(uint8_t* dest, const uint8_t* src, uint8_t path_len) {
writePath(dest, src, path_len);
if (writePath(dest, src, path_len) == 0 && (path_len & 63) != 0) {
return 0; // Error: writePath failed for non-empty path
}
return path_len;
}

Write Preview
Loading…
Cancel
Save