authorsin <sin@2f30.org>2014-10-07 01:43:17 +0100
committersin <sin@2f30.org>2014-10-07 01:43:17 +0100
commitfb584f7676a14bc3889f48bdc4b95af3e84f1f37 (patch)
tree989da508939f357194fb937e523477e614b1a9be
parent16d1b940fa923ab2f20c7c813754d160685bcb78 (diff)
Fix possible stack corruption when parsing friend IDs
-rw-r--r--config.mk4
-rw-r--r--ratox.c23
2 files changed, 18 insertions, 9 deletions
diff --git a/config.mk b/config.mk
index 49bf5b6..bad8cc2 100644
--- a/config.mk
+++ b/config.mk
@@ -8,5 +8,5 @@ MANPREFIX = $(PREFIX)/share/man
CC = cc
LD = $(CC)
CPPFLAGS = -DVERSION=\"${VERSION}\"
-CFLAGS = -I/usr/local/include -Wall -Wunused $(CPPFLAGS)
-LDFLAGS = -L/usr/local/lib -ltoxcore -ltoxav -ltoxencryptsave
+CFLAGS = -g -I/usr/local/include -Wall -Wunused $(CPPFLAGS)
+LDFLAGS = -g -L/usr/local/lib -ltoxcore -ltoxav -ltoxencryptsave
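Review bot: Adding `-g` to the default `CFLAGS` and `LDFLAGS` is unrelated to the friend-ID parsing fix named in the commit title and looks like a leftover from debugging. It would be cleaner as a separate commit, or left to the builder's environment. If the build defaults are touched alongside a memory-safety fix, a hardening option such as `-fstack-protector-strong` would be a more relevant addition than debug info.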
diff --git a/ratox.c b/ratox.c
index f39465d..9ad1566 100644
--- a/ratox.c
+++ b/ratox.c
@@ -1446,17 +1446,26 @@ sendfriendreq(void *data)
return;
buf[n] = '\0';
- for (p = buf; *p && isspace(*p) == 0; p++)
+ /* locate start of msg */
+ for (p = buf; *p && !isspace(*p); p++)
;
- if (*p != '\0') {
- *p = '\0';
- while (isspace(*p++) != 0)
- ;
- if (*p != '\0')
- msg = p;
+ if (*p == '\0')
+ goto out; /* no msg */
+ *p++ = '\0';
+ if (*p == '\0') {
+ goto out; /* no msg */
+ } else {
+ msg = p;
if (msg[strlen(msg) - 1] == '\n')
msg[strlen(msg) - 1] = '\0';
}
+out:
+ if (strlen(buf) != sizeof(id) * 2) {
+ ftruncate(gslots[REQUEST].fd[ERR], 0);
+ lseek(gslots[REQUEST].fd[ERR], 0, SEEK_SET);
+ dprintf(gslots[REQUEST].fd[ERR], "Invalid friend ID\n");
+ return;
+ }
str2id(buf, id);
r = tox_add_friend(tox, id, (uint8_t *)buf, strlen(buf));
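Review bot: The new check at `out:` validates only the length of the ID, so a string of `sizeof(id) * 2` characters that are not hex digits still reaches `str2id()`; that helper is not visible here, but unless it rejects bad digits itself, `id` may be left partly unset before `tox_add_friend()`. Extending the condition to `if (strlen(buf) != sizeof(id) * 2 || strspn(buf, "0123456789abcdefABCDEF") != strlen(buf))` would reject such input with the same "Invalid friend ID" message. In the scan loop, `isspace(*p)` is given a plain `char`, which is undefined for negative values where `char` is signed; `!isspace((unsigned char)*p)` avoids that for arbitrary input bytes. The unchanged call below passes `buf` and `strlen(buf)` as the request message although `msg` was just parsed, which may be worth checking; the rest of sendfriendreq lies outside the hunk.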