Initialise the length fields of the reader struct in decode_message, even if the message is invalid, fixes a crash where the message was too short
parent
76ecd85c2c
commit
a4b2927884
2 changed files with 16 additions and 7 deletions
|
@ -204,13 +204,16 @@ void olm::decode_message(
|
||||||
std::uint8_t const * end = input + input_length - mac_length;
|
std::uint8_t const * end = input + input_length - mac_length;
|
||||||
std::uint8_t const * unknown = nullptr;
|
std::uint8_t const * unknown = nullptr;
|
||||||
|
|
||||||
if (pos == end) return;
|
|
||||||
reader.version = *(pos++);
|
|
||||||
reader.input = input;
|
reader.input = input;
|
||||||
reader.input_length = input_length;
|
reader.input_length = input_length;
|
||||||
reader.has_counter = false;
|
reader.has_counter = false;
|
||||||
reader.ratchet_key = nullptr;
|
reader.ratchet_key = nullptr;
|
||||||
|
reader.ratchet_key_length = 0;
|
||||||
reader.ciphertext = nullptr;
|
reader.ciphertext = nullptr;
|
||||||
|
reader.ciphertext_length = 0;
|
||||||
|
|
||||||
|
if (pos == end) return;
|
||||||
|
reader.version = *(pos++);
|
||||||
|
|
||||||
while (pos != end) {
|
while (pos != end) {
|
||||||
pos = decode(
|
pos = decode(
|
||||||
|
@ -284,12 +287,17 @@ void olm::decode_one_time_key_message(
|
||||||
std::uint8_t const * end = input + input_length;
|
std::uint8_t const * end = input + input_length;
|
||||||
std::uint8_t const * unknown = nullptr;
|
std::uint8_t const * unknown = nullptr;
|
||||||
|
|
||||||
|
reader.one_time_key = nullptr;
|
||||||
|
reader.one_time_key_length = 0;
|
||||||
|
reader.identity_key = nullptr;
|
||||||
|
reader.identity_key_length = 0;
|
||||||
|
reader.base_key = nullptr;
|
||||||
|
reader.base_key_length = 0;
|
||||||
|
reader.message = nullptr;
|
||||||
|
reader.message_length = 0;
|
||||||
|
|
||||||
if (pos == end) return;
|
if (pos == end) return;
|
||||||
reader.version = *(pos++);
|
reader.version = *(pos++);
|
||||||
reader.one_time_key = nullptr;
|
|
||||||
reader.identity_key = nullptr;
|
|
||||||
reader.base_key = nullptr;
|
|
||||||
reader.message = nullptr;
|
|
||||||
|
|
||||||
while (pos != end) {
|
while (pos != end) {
|
||||||
pos = decode(
|
pos = decode(
|
||||||
|
|
|
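Review bot: In decode_message the guard `if (pos == end) return;` only catches an input whose length equals mac_length exactly. When input_length is smaller than mac_length, `end = input + input_length - mac_length` lands before `input`, the equality test fails, and `reader.version = *(pos++)` and the `while (pos != end)` loop read outside the buffer. Unless every caller already guarantees input_length >= mac_length (not visible in this hunk), add `if (input_length < mac_length) return;` after the field initialisation and before the `pos == end` check. The early returns here and in decode_one_time_key_message also leave `reader.version` unset, so `reader.version = 0;` alongside the other defaults would make the struct fully defined on the invalid-message path. Both function bodies continue outside the hunks.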
@ -3,7 +3,8 @@
|
||||||
|
|
||||||
const char * test_cases[] = {
|
const char * test_cases[] = {
|
||||||
"41776f",
|
"41776f",
|
||||||
"7fff6f0101346d671201"
|
"7fff6f0101346d671201",
|
||||||
|
"ee776f41496f674177804177778041776f6716670a677d6f670a67c2677d",
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
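Review bot: The new entry `"ee776f41496f67…"` in test_cases is an opaque encoded string with nothing recording which failure it reproduces, so a later reader cannot tell why it must stay in the list. It is presumably the input behind the crash named in the commit title. A one-line comment above it would tie it to the fix, for example `/* regression: invalid message that left the reader length fields uninitialised */`. How the array is consumed is outside this hunk.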