forked from beerpsi/chuniio-brokenithm
Fixes some buffer overflow waiting to happen
parent
0629198429
commit
33fa1c362a
@ -15,8 +15,6 @@
|
||||
#include "servers/common.h"
|
||||
#include "socket.h"
|
||||
|
||||
#define BUFSIZ 512
|
||||
|
||||
bool tcp_mode = true;
|
||||
uint16_t server_port = 52468;
|
||||
|
||||
@ -193,7 +191,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
|
||||
uint8_t real_len;
|
||||
|
||||
while (!atomic_load(&ctx->exit_flag)) {
|
||||
char buffer[BUFSIZ];
|
||||
char buffer[96];
|
||||
|
||||
if (!tcp_mode) {
|
||||
/**
|
||||
@ -202,7 +200,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
|
||||
remaining data is discarded
|
||||
**/
|
||||
|
||||
if ((recv_len = recvfrom(sock, buffer, BUFSIZ - 1, 0, NULL, NULL)) == -1) {
|
||||
if ((recv_len = recvfrom(sock, buffer, 96, 0, NULL, NULL)) == -1) {
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -243,7 +241,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
|
||||
}
|
||||
|
||||
real_len = buffer[0];
|
||||
packet_len = real_len + 1;
|
||||
packet_len = real_len + 1; // 1 for the packet length
|
||||
|
||||
while (recv_len < packet_len) {
|
||||
const int read =
|
||||
@ -308,7 +306,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
|
||||
memcmp(buffer + 1, "CON", 3) == 0) {
|
||||
const struct PacketConnect *pkt = (struct PacketConnect *)buffer;
|
||||
|
||||
get_socks_address(pkt, ctx->remote_address, BUFSIZ - 1, &ctx->remote_port);
|
||||
get_socks_address(pkt, ctx->remote_address, 40, &ctx->remote_port);
|
||||
print_err("[Android: INFO] Device %s:%d connected.\n", ctx->remote_address,
|
||||
ctx->remote_port);
|
||||
|
||||
@ -326,7 +324,7 @@ unsigned int __stdcall input_recv_thread_proc(void *v) {
|
||||
if (strlen(ctx->remote_address)) {
|
||||
print_err("[Android: INFO] Device %s:%d disconnected.\n", ctx->remote_address,
|
||||
ctx->remote_port);
|
||||
memset(ctx->remote_address, 0, BUFSIZ);
|
||||
memset(ctx->remote_address, 0, 40);
|
||||
}
|
||||
|
||||
if (tcp_mode) {
|
||||
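Review bot: `packet_len = real_len + 1` can reach 256, because `real_len` is a `uint8_t` read from `buffer[0]`, while `buffer` is now only 96 bytes. The body of the `while (recv_len < packet_len)` loop lies outside the hunk, but if it receives into `buffer` until `packet_len` bytes have arrived, a length byte above 95 sent by the peer would write past the array; the old 512-byte buffer covered the whole range. Reject oversized frames before the loop, for example `if ((size_t)packet_len > sizeof(buffer)) continue;`, or close the connection in TCP mode. The literals 96 and 40 in the `recvfrom`, `get_socks_address` and `memset` calls would also be safer as `sizeof(buffer)` and `sizeof(ctx->remote_address)`, assuming `remote_address` is an array member, so the sizes cannot drift from the declarations again.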
|
@ -75,7 +75,7 @@ unsigned int __stdcall ios_input_recv_thread_proc(void *v) {
|
||||
bool air_enabled = true;
|
||||
|
||||
while (!atomic_load(&ctx->exit_flag)) {
|
||||
char buffer[BUFSIZ];
|
||||
char buffer[96];
|
||||
int status;
|
||||
uint32_t read;
|
||||
|
||||
|
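Review bot: Only the declaration `char buffer[96];` changes in `ios_input_recv_thread_proc`, and the reads that fill it are outside this hunk. If any of them still passes `BUFSIZ` (or another length above 96) as the byte count, shrinking the array turns that call into a stack overflow rather than removing one. Each read into `buffer` in this loop should be bounded with `sizeof(buffer)`, and a short comment on the declaration should say why 96 bytes is enough for the largest packet the iOS protocol sends.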