From 5cca24513b82c2de95ba4e6cfa0ff1dc9a348cdf Mon Sep 17 00:00:00 2001 From: iphydf Date: Wed, 15 Jan 2025 11:53:49 +0000 Subject: [PATCH] cleanup: Check that onion IP/Port packing worked. If it doesn't work for some reason, right now it would cause trouble (e.g. buffer overrun). --- toxcore/onion_announce.c | 5 +++++ toxcore/onion_client.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/toxcore/onion_announce.c b/toxcore/onion_announce.c index f30e6c7207..50e2e00aef 100644 --- a/toxcore/onion_announce.c +++ b/toxcore/onion_announce.c @@ -511,6 +511,11 @@ static int handle_announce_request_common( uint8_t ping_id_data[CRYPTO_PUBLIC_KEY_SIZE + SIZE_IPPORT]; memcpy(ping_id_data, packet_public_key, CRYPTO_PUBLIC_KEY_SIZE); const int packed_len = pack_ip_port(onion_a->log, &ping_id_data[CRYPTO_PUBLIC_KEY_SIZE], SIZE_IPPORT, source); + if (packed_len < 0) { + LOGGER_ERROR(onion_a->log, "failed to pack IP/Port"); + mem_delete(onion_a->mem, plain); + return 1; + } assert(packed_len <= SIZE_IPPORT); memzero(&ping_id_data[CRYPTO_PUBLIC_KEY_SIZE + packed_len], SIZE_IPPORT - packed_len); const uint8_t *data_public_key = plain + ONION_PING_ID_SIZE + CRYPTO_PUBLIC_KEY_SIZE; diff --git a/toxcore/onion_client.c b/toxcore/onion_client.c index 0f75e2d1b9..7f76c83a01 100644 --- a/toxcore/onion_client.c +++ b/toxcore/onion_client.c @@ -580,6 +580,11 @@ static int new_sendback(Onion_Client *onion_c, uint32_t num, const uint8_t *publ memcpy(data, &num, sizeof(uint32_t)); memcpy(&data[sizeof(uint32_t)], public_key, CRYPTO_PUBLIC_KEY_SIZE); const int packed_len = pack_ip_port(onion_c->logger, &data[sizeof(uint32_t) + CRYPTO_PUBLIC_KEY_SIZE], SIZE_IPPORT, ip_port); + if (packed_len < 0) { + LOGGER_ERROR(onion_c->logger, "failed to pack IP/port"); + return -1; + } + assert(packed_len <= SIZE_IPPORT); memzero(&data[sizeof(uint32_t) + CRYPTO_PUBLIC_KEY_SIZE + packed_len], SIZE_IPPORT - packed_len); memcpy(&data[sizeof(uint32_t) + CRYPTO_PUBLIC_KEY_SIZE + SIZE_IPPORT], &path_num, sizeof(uint32_t)); *sendback = ping_array_add(onion_c->announce_ping_array, onion_c->mono_time, onion_c->rng, data, sizeof(data));