From: lurchi <lurchi@strangeplace.net>
Date: Sun, 7 Jan 2018 17:35:39 +0000 (+0100)
Subject: properly check size of MsgProcRequest
X-Git-Tag: gnunet-0.11.0rc0~2^2~9
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=638642f8a3d750d77c501bcd565c05c2f98bbc2d;p=oweals%2Fgnunet.git

properly check size of MsgProcRequest
---

diff --git a/src/social/gnunet-service-social.c b/src/social/gnunet-service-social.c
index 520df20b9..60f1b348d 100644
--- a/src/social/gnunet-service-social.c
+++ b/src/social/gnunet-service-social.c
@@ -1392,19 +1392,23 @@ msg_proc_parse (const struct MsgProcRequest *mpreq,
                 const char **method_prefix,
                 struct GNUNET_HashCode *method_hash)
 {
-  uint8_t method_size = ntohs (mpreq->header.size) - sizeof (*mpreq);
+  ssize_t method_size = ntohs (mpreq->header.size) - sizeof (*mpreq);
   uint16_t offset = GNUNET_STRINGS_buffer_tokenize ((const char *) &mpreq[1],
                                                     method_size, 1, method_prefix);
 
+  if (method_size < 0)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
+                "MsgProcRequest has invalid size\n");
+    return GNUNET_SYSERR;
+  }
   if (0 == offset || offset != method_size || *method_prefix == NULL)
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
-                "offset = %u, method_size = %u, method_name = %s\n",
-                offset, method_size, *method_prefix);
+                "MsgProcRequest contains invalid method\n");
     return GNUNET_SYSERR;
   }
-
-  GNUNET_CRYPTO_hash (*method_prefix, method_size, method_hash);
+  GNUNET_CRYPTO_hash (*method_prefix, (size_t) method_size, method_hash);
   *flags = ntohl (mpreq->flags);
   return GNUNET_OK;
 }