Fix incorrect overflow handling in the DHT's parser.
parent
62cb43a173
commit
429754cfb5
|
@ -1,3 +1,8 @@
|
|||
dht-0.18 (unreleased)
|
||||
|
||||
* Fix a bug that could cause parse_message to enter an infinite loop
|
||||
on overflow.
|
||||
|
||||
9 January 2011: dht-0.17:
|
||||
|
||||
* Fix a bug that prevented calling dht_init after dht_uninit.
|
||||
|
|
|
@ -2825,21 +2825,19 @@ parse_message(const unsigned char *buf, int buflen,
|
|||
l = strtol((char*)buf + i, &q, 10);
|
||||
if(q && *q == ':' && l > 0) {
|
||||
CHECK(q + 1, l);
|
||||
i = q + 1 + l - (char*)buf;
|
||||
if(l == 6) {
|
||||
if(j + l > *values_len)
|
||||
continue;
|
||||
i = q + 1 + l - (char*)buf;
|
||||
memcpy((char*)values_return + j, q + 1, l);
|
||||
j += l;
|
||||
} else if(l == 18) {
|
||||
if(j6 + l > *values6_len)
|
||||
continue;
|
||||
i = q + 1 + l - (char*)buf;
|
||||
memcpy((char*)values6_return + j6, q + 1, l);
|
||||
j6 += l;
|
||||
} else {
|
||||
debugf("Received weird value -- %d bytes.\n", (int)l);
|
||||
i = q + 1 + l - (char*)buf;
|
||||
}
|
||||
} else {
|
||||
break;
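Review bot: The assignment `i = q + 1 + l - (char*)buf;` placed right after `CHECK(q + 1, l);` is what guarantees this loop makes progress on every path, including the two `continue`s taken when `j + l > *values_len` or `j6 + l > *values6_len`, yet nothing in the code records that the ordering matters. I would add a comment above it, for example `/* Advance i before any continue below; otherwise a full values buffer re-parses the same item forever. */`, because this loop consumes data from received packets and a later reordering would bring the hang back. Separately, `l` is a raw `strtol` result with no range or `errno` check visible here, so the arithmetic feeding `i` is safe only if `CHECK` rejects every `l` that would run past `buflen`. `CHECK` and the declaration of `i` are outside this hunk, so that bound should be confirmed there. The enclosing loop and `parse_message` itself start and end outside the hunk.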
|
||||
|
|