Fixes some buffer overflow waiting to happen

2023-12-31 14:21:12 +07:00 · 2023-12-31 14:21:12 +07:00 · 33fa1c362a
parent 0629198429
commit 33fa1c362a
2 changed files with 6 additions and 8 deletions
--- a/chuniio/src/servers/android.c
+++ b/chuniio/src/servers/android.c
@ -15,8 +15,6 @@
 #include "servers/common.h"
 #include "socket.h"

-#define BUFSIZ 512
-
 bool tcp_mode = true;
 uint16_t server_port = 52468;

@ -193,7 +191,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
    uint8_t real_len;

    while (!atomic_load(&ctx->exit_flag)) {
-        char buffer[BUFSIZ];
+        char buffer[96];

        if (!tcp_mode) {
            /**
@ -202,7 +200,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
            remaining data is discarded
            **/

-            if ((recv_len = recvfrom(sock, buffer, BUFSIZ - 1, 0, NULL, NULL)) == -1) {
+            if ((recv_len = recvfrom(sock, buffer, 96, 0, NULL, NULL)) == -1) {
                continue;
            }

@ -243,7 +241,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
            }

            real_len = buffer[0];
-            packet_len = real_len + 1;
+            packet_len = real_len + 1;  // 1 for the packet length

            while (recv_len < packet_len) {
                const int read =
@ -308,7 +306,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
                   memcmp(buffer + 1, "CON", 3) == 0) {
            const struct PacketConnect *pkt = (struct PacketConnect *)buffer;

-            get_socks_address(pkt, ctx->remote_address, BUFSIZ - 1, &ctx->remote_port);
+            get_socks_address(pkt, ctx->remote_address, 40, &ctx->remote_port);
            print_err("[Android: INFO] Device %s:%d connected.\n", ctx->remote_address,
                      ctx->remote_port);

@ -326,7 +324,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
            if (strlen(ctx->remote_address)) {
                print_err("[Android: INFO] Device %s:%d disconnected.\n", ctx->remote_address,
                          ctx->remote_port);
-                memset(ctx->remote_address, 0, BUFSIZ);
+                memset(ctx->remote_address, 0, 40);
            }

            if (tcp_mode) {
--- a/chuniio/src/servers/ios.c
+++ b/chuniio/src/servers/ios.c
@ -75,7 +75,7 @@ unsigned int __stdcall ios_input_recv_thread_proc(void *v) {
    bool air_enabled = true;

    while (!atomic_load(&ctx->exit_flag)) {
-        char buffer[BUFSIZ];
+        char buffer[96];
        int status;
        uint32_t read;