oxen-io
/
session-open-group-server
mirror of https://github.com/oxen-io/session-open-group-server.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Check onion request blob size

This commit is contained in:
Maxim Shishmarev 2021-06-29 10:14:19 +10:00
parent d85f425825
commit cddd614167
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/onion_requests.rs
View File

@ -66,6 +66,12 @@ fn parse_onion_request_payload(
// Extract the different components
// This is safe because we know blob has a length of at least 4 bytes
let size = u32::from_le_bytes(blob[0..4].try_into().unwrap()) as usize;
if blob.len() < 4 + size {
warn!("Ignoring blob of invalid size.");
return Err(warp::reject::custom(Error::InvalidOnionRequest));
}
let ciphertext: Vec<u8> = blob[4..(4 + size)].try_into().unwrap();
let utf8_json: Vec<u8> = blob[(4 + size)..].try_into().unwrap();
// Parse JSON