psyc,psycstore,social fixes

diff --git a/src/psyc/psyc_api.c b/src/psyc/psyc_api.c
index 9c58322934fa1abfc9d953b6493fdac3e1b171ad..9769bb85374857c8a1b140044ccf841f8604d59c 100644 (file)
--- a/src/psyc/psyc_api.c
+++ b/src/psyc/psyc_api.c
@@ -386,6 +386,11 @@ handle_channel_state_result (void *cls,
   }
 
   const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);
+  if (NULL == mod)
+  {
+    GNUNET_break_op (0);
+    return;
+  }
   uint16_t mod_size = ntohs (mod->size);
 
   switch (ntohs (mod->type))
@@ -397,9 +402,11 @@ handle_channel_state_result (void *cls,
 
     const char *name = (const char *) &pmod[1];
     uint16_t name_size = ntohs (pmod->name_size);
-    if ('\0' != name[name_size - 1])
+    if (0 == name_size
+        || mod_size - sizeof (*pmod) < name_size
+        || '\0' != name[name_size - 1])
     {
-      GNUNET_break (0);
+      GNUNET_break_op (0);
       return;
     }
     sr->var_cb (sr->cls, mod, name, name + name_size,

diff --git a/src/psycstore/psycstore_api.c b/src/psycstore/psycstore_api.c
index 7bbf2e3d8f9d179f634448ffee08012348dec297..480d594fc969b8b48928bccb8ebed6e05bb61ade 100644 (file)
--- a/src/psycstore/psycstore_api.c
+++ b/src/psycstore/psycstore_api.c
@@ -122,7 +122,7 @@ check_result_code (void *cls, const struct OperationResult *opres)
 {
   uint16_t size = ntohs (opres->header.size);
   const char *str = (const char *) &opres[1];
-  if ( (sizeof (struct OperationResult) < size) &&
+  if ( (sizeof (*opres) < size) &&
        ('\0' != str[size - sizeof (*opres) - 1]) )
   {
     GNUNET_break (0);
@@ -244,9 +244,12 @@ static int
 check_result_state (void *cls, const struct StateResult *sres)
 {
   const char *name = (const char *) &sres[1];
+  uint16_t size = ntohs (sres->header.size);
   uint16_t name_size = ntohs (sres->name_size);
 
-  if (name_size <= 2 || '\0' != name[name_size - 1])
+  if (name_size <= 2
+      || size - sizeof (*sres) < name_size
+      || '\0' != name[name_size - 1])
   {
     LOG (GNUNET_ERROR_TYPE_ERROR,
          "check_result_state: Received state result message with invalid name.\n");

diff --git a/src/social/social_api.c b/src/social/social_api.c
index e34774aae6b4fce8272a0f59fc7b669775b8bf93..f05e437ca100e8456c01c5e1428619f151f8c12f 100644 (file)
--- a/src/social/social_api.c
+++ b/src/social/social_api.c
@@ -657,10 +657,17 @@ check_place_state_result (void *cls,
                           const struct GNUNET_OperationResultMessage *res)
 {
   const struct GNUNET_MessageHeader *mod = GNUNET_MQ_extract_nested_mh (res);
-  uint16_t mod_size = ntohs (mod->size);
-  uint16_t size = ntohs (res->header.size);
+  if (NULL == mod)
+  {
+    GNUNET_break_op (0);
+    LOG (GNUNET_ERROR_TYPE_WARNING,
+         "Invalid modifier in state result\n");
+    return GNUNET_SYSERR;
+  }
 
-  if (NULL == mod || size - sizeof (*res) != mod_size)
+  uint16_t size = ntohs (res->header.size);
+  uint16_t mod_size = ntohs (mod->size);
+  if (size - sizeof (*res) != mod_size)
   {
     GNUNET_break_op (0);
     LOG (GNUNET_ERROR_TYPE_WARNING,
@@ -700,7 +707,9 @@ handle_place_state_result (void *cls,
 
     const char *name = (const char *) &pmod[1];
     uint16_t name_size = ntohs (pmod->name_size);
-    if ('\0' != name[name_size - 1])
+    if (0 == name_size
+        || mod_size - sizeof (*pmod) < name_size
+        || '\0' != name[name_size - 1])
     {
       GNUNET_break_op (0);
       LOG (GNUNET_ERROR_TYPE_WARNING,