tighten TRACE path_len guard to account for SNR append

The TRACE forwarding path appends an SNR byte to pkt->path via
path_len++, but the guard only checked path_len < MAX_PATH_SIZE.
When path_len entered as MAX_PATH_SIZE - 1, the write was in-bounds
but left path_len equal to MAX_PATH_SIZE, which could cause off-by-one
issues in downstream code that uses path_len as an index.

Change the guard to path_len + 1 < MAX_PATH_SIZE so there is always
room for the append without path_len reaching MAX_PATH_SIZE.
pull/1658/head
Wessel Nieboer 4 months ago
parent
commit
e9746a50df
No known key found for this signature in database GPG Key ID: 929C8E45E33B5FD2
2
src/Mesh.cpp

@ -40,7 +40,7 @@ int Mesh::searchChannelsByHash(const uint8_t* hash, GroupChannel channels[], int
DispatcherAction Mesh::onRecvPacket(Packet* pkt) {
if (pkt->isRouteDirect() && pkt->getPayloadType() == PAYLOAD_TYPE_TRACE) {
if (pkt->path_len < MAX_PATH_SIZE) {
if (pkt->path_len + 1 < MAX_PATH_SIZE) {
uint8_t i = 0;
uint32_t trace_tag;
memcpy(&trace_tag, &pkt->payload[i], 4); i += 4;
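Review bot: The new condition `pkt->path_len + 1 < MAX_PATH_SIZE` has no comment saying what the `+ 1` reserves, so on its own it reads like an off-by-one and is easy to "simplify" back later. Please add a one-line comment that the extra slot is for the SNR byte appended further down, and consider writing it as `pkt->path_len < MAX_PATH_SIZE - 1` so no arithmetic is done on the packet-supplied field. Two further points follow from the commit message. First, the last byte of `path` is now never written on this branch, so a TRACE packet arriving with `path_len == MAX_PATH_SIZE - 1` takes whatever path handles a failed guard; that behaviour change is worth stating in the message or a comment. Second, the message attributes the risk to downstream code that indexes with `path_len`; this guard only covers the TRACE append, so any other place that grows `path_len`, or accepts it from a received packet, can still hand those consumers `path_len == MAX_PATH_SIZE`. A bounds check at the indexing sites would close that regardless of how the value got there.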
