Commit 6b9ed46d authored by Kirill Smelkov's avatar Kirill Smelkov

X neonet: Avoid integer overflow on max packet length check

`proto.PktHeaderLen + packed.Ntoh32(pkth.MsgLen)` could wrap int32 if
sent pkth.MsgLen is big.
parent a16e8d52
...@@ -1158,10 +1158,11 @@ func (nl *NodeLink) recvPkt() (*pktBuf, error) { ...@@ -1158,10 +1158,11 @@ func (nl *NodeLink) recvPkt() (*pktBuf, error) {
pkth := pkt.Header() pkth := pkt.Header()
pktLen := int(proto.PktHeaderLen + packed.Ntoh32(pkth.MsgLen)) // whole packet length msgLen := packed.Ntoh32(pkth.MsgLen)
if pktLen > proto.PktMaxSize { if msgLen > proto.PktMaxSize - proto.PktHeaderLen {
return nil, ErrPktTooBig return nil, ErrPktTooBig
} }
pktLen := int(proto.PktHeaderLen + msgLen) // whole packet length
// resize data if we don't have enough room in it // resize data if we don't have enough room in it
data = xbytes.Resize(data, pktLen) data = xbytes.Resize(data, pktLen)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment