Fix buffer overflow when version encodes too many integers

pull/1072/head
Stephen Shelton 4 years ago
parent cfabe72587
commit 8921125924
No known key found for this signature in database
GPG Key ID: EE4BADACCE8B631C

@ -63,11 +63,16 @@ namespace llarp
uint64_t i;
if(idx == 0)
{
if(not bencode_read_integer(buffer, &self->m_ProtoVersion))
uint64_t val = -1;
if(not bencode_read_integer(buffer, &val))
return false;
self->m_ProtoVersion = val;
}
else if(bencode_read_integer(buffer, &i))
{
// prevent overflow (note that idx includes version too)
if (idx > self->m_Version.max_size())
return false;
self->m_Version[idx - 1] = i;
}
else
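Review bot: The new guard `if (idx > self->m_Version.max_size())` only bounds the write at `self->m_Version[idx - 1]` while `m_Version` is a fixed-size `std::array`, where `max_size()` equals the element count. On a growable container `max_size()` is a huge theoretical limit and the check would no longer protect the index. `if (idx > self->m_Version.size()) return false;` states the intent directly. Separately, `self->m_ProtoVersion = val;` and `self->m_Version[idx - 1] = i;` both store a decoded `uint64_t` into fields whose types are not visible here; if those fields are narrower, an oversized value from the wire is silently truncated rather than rejected, so a range check before each assignment would be worth adding. The enclosing decode function starts and ends outside this hunk.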

@ -48,3 +48,44 @@ TEST_F(TestRouterVersion, TestClear)
EXPECT_TRUE(version.IsEmpty());
}
TEST_F(TestRouterVersion, TestBEncode)
{
llarp::RouterVersion v1235( {1, 2, 3}, 5);
std::array< byte_t, 128 > tmp;
llarp_buffer_t buf(tmp);
EXPECT_TRUE(v1235.BEncode(&buf));
std::string s((const char*)buf.begin(), (buf.end() - buf.begin()));
LogInfo("bencoded: ", buf.begin());
EXPECT_STREQ((const char*)buf.begin(), "li5ei1ei2ei3ee");
}
TEST_F(TestRouterVersion, TestBDecode)
{
llarp::RouterVersion version;
version.Clear();
const std::string bString("li9ei3ei2ei1ee");
llarp_buffer_t buf(bString.data(), bString.size());
EXPECT_TRUE(version.BDecode(&buf));
llarp::RouterVersion expected( {3, 2, 1}, 9);
EXPECT_EQ(expected, version);
}
TEST_F(TestRouterVersion, TestDecodeLongVersionArray)
{
llarp::RouterVersion version;
version.Clear();
const std::string bString("li9ei3ei2ei1ei2ei3ei4ei5ei6ei7ei8ei9ee");
llarp_buffer_t buf(bString.data(), bString.size());
EXPECT_FALSE(version.BDecode(&buf));
}
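Review bot: TestDecodeLongVersionArray feeds eleven integers, so it would still pass if the new bounds check were off by one. Assuming the version array holds three entries, as the `{3, 2, 1}` initializers suggest, a constructed input with exactly one extra element, such as `"li9ei3ei2ei1ei4ee"` with `EXPECT_FALSE(version.BDecode(&buf));`, would pin the boundary the fix depends on. In TestBEncode, `std::array< byte_t, 128 > tmp;` is uninitialized and is then read as a C string by `LogInfo` and `EXPECT_STREQ`, which is only bounded if the encoder happens to leave a NUL after its output. `std::array< byte_t, 128 > tmp{};` makes the terminator certain. The local `s` in that test is never used.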
