Merge pull request #1701 from simonvetter/openssl

fix a few undefined behaviour/out of bounds issues
2024-11-10 08:00:38 +03:00 · 2021-10-19 18:25:06 -04:00 · 2021-10-19 18:25:06 -04:00 · 4ce7e192d6
commit 4ce7e192d6
parent 04ca916aac a348e10620
5 changed files with 9 additions and 8 deletions
--- a/libi2pd/ECIESX25519AEADRatchetSession.cpp
+++ b/libi2pd/ECIESX25519AEADRatchetSession.cpp
@ -534,7 +534,7 @@ namespace garlic
 			LogPrint (eLogError, "Garlic: Can't encode elligator");
 			return false;
 		}
-		memcpy (m_NSREncodedKey, out + offset, 56); // for possible next NSR
+		memcpy (m_NSREncodedKey, out + offset, 32); // for possible next NSR
 		memcpy (m_NSRH, m_H, 32);
 		offset += 32;
 		// KDF for Reply Key Section
--- a/libi2pd/Identity.cpp
+++ b/libi2pd/Identity.cpp
@ -19,7 +19,8 @@ namespace data
 	Identity& Identity::operator=(const Keys& keys)
 	{
 		// copy public and signing keys together
-		memcpy (publicKey, keys.publicKey, sizeof (publicKey) + sizeof (signingKey));
+		memcpy (publicKey, keys.publicKey, sizeof (publicKey));
+		memcpy (signingKey, keys.signingKey, sizeof (signingKey));
 		memset (certificate, 0, sizeof (certificate));
 		return *this;
 	}
--- a/libi2pd/NetDb.cpp
+++ b/libi2pd/NetDb.cpp
@ -66,8 +66,8 @@ namespace data
 		if (it != m_RouterInfos.end ())
 		{
 			// remove own router
-			m_RouterInfos.erase (it);
 			m_Floodfills.remove (it->second);
+			m_RouterInfos.erase (it);
 		}
 		// insert own router
 		m_RouterInfos.emplace (i2p::context.GetIdentHash (), i2p::context.GetSharedRouterInfo ());
--- a/libi2pd/SSUData.cpp
+++ b/libi2pd/SSUData.cpp
@ -185,7 +185,7 @@ namespace transport
 			auto& incompleteMessage = it->second;
 			// mark fragment as received
 			if (fragmentNum < 64)
-				incompleteMessage->receivedFragmentsBits |= (0x01 << fragmentNum);
+				incompleteMessage->receivedFragmentsBits |= (uint64_t(0x01) << fragmentNum);
 			else
 				LogPrint (eLogWarning, "SSU: Fragment number ", fragmentNum, " exceeds 64");
 			
--- a/libi2pd/SSUSession.cpp
+++ b/libi2pd/SSUSession.cpp
@ -303,7 +303,7 @@ namespace transport
 			}	
 			else
 			{	
-				LogPrint (eLogError, "SSU: Wrong external address ", ourIP.to_string ());
+				LogPrint (eLogError, "SSU: External address ", ourIP.to_string (), " is in reserved range");
 				Failed ();
 			}	
 		}
@ -609,7 +609,7 @@ namespace transport
 		{
 			*payload = 16;
 			payload++; // size
-			memcpy (payload, to.address ().to_v6 ().to_bytes ().data (), 16); // Alice's IP V6
+			memcpy (payload, to.address ().to_v6 ().to_bytes ().data (), 16); // Charlie's IP V6
 			payload += 16; // address
 		}	
 		htobe16buf (payload, to.port ()); // Charlie's port
@ -703,7 +703,7 @@ namespace transport
 		if (!i2p::util::net::IsInReservedRange (ourIP))
 			i2p::context.UpdateAddress (ourIP);
 		else
-			LogPrint (eLogWarning, "SSU: Wrong external address ", ourIP.to_string ());
+			LogPrint (eLogError, "SSU: External address ", ourIP.to_string (), " is in reserved range");
 		if (ourIP.is_v4 ())
 		{	
 			if (ourPort != m_Server.GetPort ())
@ -1301,7 +1301,7 @@ namespace transport
 			ip = boost::asio::ip::address_v6 (bytes);
 		}	
 		else
-			LogPrint (eLogWarning, "SSU: Address size ", size, " is not supported");
+			LogPrint (eLogWarning, "SSU: Address size ", int(size), " is not supported");
 		buf += size;
 		port = bufbe16toh (buf);
 		return s;