author | sin <sin@2f30.org> | 2014-10-07 01:43:17 +0100 |
---|---|---|
committer | sin <sin@2f30.org> | 2014-10-07 01:43:17 +0100 |
commit | fb584f7676a14bc3889f48bdc4b95af3e84f1f37 (patch) | |
tree | 989da508939f357194fb937e523477e614b1a9be | |
parent | 16d1b940fa923ab2f20c7c813754d160685bcb78 (diff) |
Fix possible stack corruption when parsing friend IDs
-rw-r--r-- | config.mk | 4 | ||||
-rw-r--r-- | ratox.c | 23 |
2 files changed, 18 insertions, 9 deletions
@@ -8,5 +8,5 @@ MANPREFIX = $(PREFIX)/share/man
 CC = cc
 LD = $(CC)
 CPPFLAGS = -DVERSION=\"${VERSION}\"
-CFLAGS = -I/usr/local/include -Wall -Wunused $(CPPFLAGS)
-LDFLAGS = -L/usr/local/lib -ltoxcore -ltoxav -ltoxencryptsave
+CFLAGS = -g -I/usr/local/include -Wall -Wunused $(CPPFLAGS)
+LDFLAGS = -g -L/usr/local/lib -ltoxcore -ltoxav -ltoxencryptsave
@@ -1446,17 +1446,26 @@ sendfriendreq(void *data)
 return;
 buf[n] = '\0';
- for (p = buf; *p && isspace(*p) == 0; p++)
+ /* locate start of msg */
+ for (p = buf; *p && !isspace(*p); p++)
 ;
- if (*p != '\0') {
- *p = '\0';
- while (isspace(*p++) != 0)
- ;
- if (*p != '\0')
- msg = p;
+ if (*p == '\0')
+ goto out; /* no msg */
+ *p++ = '\0';
+ if (*p == '\0') {
+ goto out; /* no msg */
+ } else {
+ msg = p;
 if (msg[strlen(msg) - 1] == '\n')
 msg[strlen(msg) - 1] = '\0';
 }
+out:
+ if (strlen(buf) != sizeof(id) * 2) {
+ ftruncate(gslots[REQUEST].fd[ERR], 0);
+ lseek(gslots[REQUEST].fd[ERR], 0, SEEK_SET);
+ dprintf(gslots[REQUEST].fd[ERR], "Invalid friend ID\n");
+ return;
+ }
 str2id(buf, id);
 r = tox_add_friend(tox, id, (uint8_t *)buf, strlen(buf)); |
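Review bot: The `-g` added to both `CFLAGS` and `LDFLAGS` is unrelated to the friend-ID parsing fix and turns debug info on for every default build, which reads like a leftover from debugging the crash. If it is intended, a separate commit would keep this security fix minimal and easier to backport. Otherwise the original `CFLAGS = -I/usr/local/include -Wall -Wunused $(CPPFLAGS)` line and its `LDFLAGS` counterpart can stay as they were, leaving debug flags to whoever builds.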
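Review bot: The new guard after `out:` checks only the length of the ID, so a string of exactly `sizeof(id) * 2` non-hex bytes still reaches `str2id(buf, id)`, whose handling of such input is not visible in this hunk. Assuming IDs are hex-encoded, as the `* 2` suggests, the character check can be folded into the same test: `if (strspn(buf, "0123456789abcdefABCDEF") != sizeof(id) * 2 || buf[sizeof(id) * 2] != '\0') {`. In the scan loop, `isspace(*p)` is undefined for negative values if `buf` is plain `char` (its declaration is outside the hunk), so `!isspace((unsigned char)*p)` is the safer form for bytes read from the request file. The context line `tox_add_friend(tox, id, (uint8_t *)buf, strlen(buf))` also passes `buf` rather than the `msg` computed just above, which looks unintended and is worth confirming. The body of sendfriendreq starts before and continues after this hunk.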