fixed #1644. check leaseset buffer size

This commit is contained in:
orignal 2021-03-22 20:12:58 -04:00
parent ac10f3055d
commit 34eee2fc26

View File

@ -72,6 +72,12 @@ namespace data
}
size += 256; // encryption key
size += m_Identity->GetSigningPublicKeyLen (); // unused signing key
if (size + 1 > m_BufferLen)
{
LogPrint (eLogError, "LeaseSet: ", size, " exceeds buffer size ", m_BufferLen);
m_IsValid = false;
return;
}
uint8_t num = m_Buffer[size];
size++; // num
LogPrint (eLogDebug, "LeaseSet: read num=", (int)num);
@ -81,9 +87,14 @@ namespace data
m_IsValid = false;
return;
}
if (size + num*LEASE_SIZE > m_BufferLen)
{
LogPrint (eLogError, "LeaseSet: ", size, " exceeds buffer size ", m_BufferLen);
m_IsValid = false;
return;
}
UpdateLeasesBegin ();
// process leases
m_ExpirationTime = 0;
auto ts = i2p::util::GetMillisecondsSinceEpoch ();
@ -106,16 +117,24 @@ namespace data
return;
}
m_ExpirationTime += LEASE_ENDDATE_THRESHOLD;
UpdateLeasesEnd ();
// verify
if (verifySignature && !m_Identity->Verify (m_Buffer, leases - m_Buffer, leases))
if (verifySignature)
{
auto signedSize = leases - m_Buffer;
if (signedSize + m_Identity->GetSignatureLen () > m_BufferLen)
{
LogPrint (eLogError, "LeaseSet: Signature exceeds buffer size ", m_BufferLen);
m_IsValid = false;
}
else if (!m_Identity->Verify (m_Buffer, signedSize, leases))
{
LogPrint (eLogWarning, "LeaseSet: verification failed");
m_IsValid = false;
}
}
}
void LeaseSet::UpdateLeasesBegin ()
{