author | Richard van der Hoff <richard@matrix.org> | 2016-10-19 15:03:40 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2016-10-19 15:03:40 +0100 |
commit | 1ff64391edf9f2e3180238271858698a5a6f30c6 (patch) | |
tree | 8d8b6021b8216fe7de12773cea691d1a085d23bf /src | |
parent | 38acc352a3f3aac40c132e5321da540da38c832e (diff) |
Fix a buffer bounds check when decoding group messages
Fixes a segfault when a group message had exactly the length of the mac +
signature.
Also tweak skipping of unknown tags to avoid an extra trip around the loop.
Diffstat (limited to 'src')
-rw-r--r-- | src/message.cpp | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/src/message.cpp b/src/message.cpp
index 05fe2c7..1c11a4a 100644
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -214,11 +214,13 @@ void olm::decode_message(
 reader.ciphertext = nullptr;
 reader.ciphertext_length = 0;
- if (pos == end) return;
 if (input_length < mac_length) return;
+
+ if (pos == end) return;
 reader.version = *(pos++);
 while (pos != end) {
+ unknown = pos;
 pos = decode(
 pos, end, RATCHET_KEY_TAG,
 reader.ratchet_key, reader.ratchet_key_length
@@ -234,7 +236,6 @@ void olm::decode_message(
 if (unknown == pos) {
 pos = skip_unknown(pos, end);
 }
- unknown = pos;
 }
 }
@@ -303,6 +304,7 @@ void olm::decode_one_time_key_message(
 reader.version = *(pos++);
 while (pos != end) {
+ unknown = pos;
 pos = decode(
 pos, end, ONE_TIME_KEY_ID_TAG,
 reader.one_time_key, reader.one_time_key_length
@@ -322,7 +324,6 @@ void olm::decode_one_time_key_message(
 if (unknown == pos) {
 pos = skip_unknown(pos, end);
 }
- unknown = pos;
 }
 }
@@ -377,9 +378,12 @@ void _olm_decode_group_message(
 results->ciphertext_length = 0;
 if (input_length < trailer_length) return;
+
+ if (pos == end) return;
 results->version = *(pos++);
 while (pos != end) {
+ unknown = pos;
 pos = decode(
 pos, end, GROUP_MESSAGE_INDEX_TAG,
 results->message_index, has_message_index
@@ -391,7 +395,6 @@ void _olm_decode_group_message(
 if (unknown == pos) {
 pos = skip_unknown(pos, end);
 }
- unknown = pos;
 }
 results->has_message_index = (int)has_message_index; |
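Review bot: The `while (pos != end) {` loop in the first hunk of `olm::decode_message` stops only on exact equality, so it is safe only if `decode` and `skip_unknown` never return a pointer beyond `end`; neither helper is visible in this diff, so that cannot be confirmed from here. Because this code parses message bytes supplied by a peer, `while (pos < end) {` would be a cheap defence in depth that still terminates if a helper ever overshoots. The same loop condition appears in the `olm::decode_one_time_key_message` and `_olm_decode_group_message` hunks. All three function bodies start and end outside their hunks.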
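Review bot: In the `_olm_decode_group_message` hunk at -377, both `if (input_length < trailer_length) return;` and the added `if (pos == end) return;` exit before `results->version` is written and before `results->has_message_index = (int)has_message_index;` runs after the loop. The function returns `void`, so a caller can only detect a truncated message by inspecting `results`; unless those two fields are reset above this hunk (not visible here), they keep whatever the caller's struct held. I would reset them next to `results->ciphertext_length = 0;`, for example `results->version = 0;` and `results->has_message_index = 0;`, and add a comment there saying that every output field is cleared before the first early return.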