Author: toad
Date: 2008-03-01 14:02:28 +0000 (Sat, 01 Mar 2008)
New Revision: 18286

Modified:
   trunk/freenet/src/freenet/node/FNPPacketMangler.java
Log:
Prevent NegativeArrayIndexException's.

Modified: trunk/freenet/src/freenet/node/FNPPacketMangler.java
===================================================================
--- trunk/freenet/src/freenet/node/FNPPacketMangler.java        2008-03-01 
12:37:17 UTC (rev 18285)
+++ trunk/freenet/src/freenet/node/FNPPacketMangler.java        2008-03-01 
14:02:28 UTC (rev 18286)
@@ -1229,12 +1229,13 @@

                final int expectedLength =      HASH_LENGTH + // HMAC of the 
cyphertext
                                                                        
(c.getBlockSize() >> 3) + // IV
-                                                                       
HASH_LENGTH + // the signature
+                                                                       
Node.SIGNATURE_PARAMETER_LENGTH * 2 + // the signature
                                                                        
(bothNoderefs ? pn.jfkMyRef.length : 0) + // my reference
                                                                        8 // 
bootID
                                                                        ;
-               if(payload.length < expectedLength + 3) {
-                       Logger.error(this, "Packet too short from 
"+pn.getPeer()+": "+payload.length+" after decryption in JFK(4), should be 
"+(expectedLength + 3));
+               if(payload.length - inputOffset < expectedLength + 3) {
+                       if(!bothNoderefs)
+                               Logger.error(this, "Packet too short from 
"+pn.getPeer()+": "+payload.length+" after decryption in JFK(4), should be 
"+(expectedLength + 3));
                        return false;
                }
                byte[] jfkBuffer = pn.getJFKBuffer();
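Review bot: The length guard now compares `payload.length - inputOffset` with `expectedLength + 3`, but the error message still prints the raw `payload.length`, so the logged figure can look long enough even though the packet was rejected. Logging the value that was actually tested would make rejected handshakes easier to triage, e.g. `"+(payload.length - inputOffset)+" after decryption in JFK(4), should be "+(expectedLength + 3)`. The `bothNoderefs` branch now returns false without any log line; a short comment such as `// expected when the peer did not include our ref; caller retries without it` (if that is the reason, which this hunk does not show) would keep it from reading as a swallowed error. The enclosing method starts and ends outside this hunk.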
@@ -1279,6 +1280,10 @@
                byte[] data = new byte[decypheredPayload.length - 
decypheredPayloadOffset];
                System.arraycopy(decypheredPayload, decypheredPayloadOffset, 
data, 0, decypheredPayload.length - decypheredPayloadOffset);
                long bootID = Fields.bytesToLong(data);
+               if(data.length - (bothNoderefs ? pn.jfkMyRef.length : 0) - 8 < 
0) {
+                       Logger.error(this, "No space for hisRef: 
bothNoderefs="+bothNoderefs+" data.length="+data.length+" 
myRef.length="+(pn.jfkMyRef==null?0:pn.jfkMyRef.length)+" orig data length 
"+(payload.length-inputOffset));
+                       return false;
+               }
                byte[] hisRef = new byte[data.length - (bothNoderefs ? 
pn.jfkMyRef.length : 0) - 8];
                System.arraycopy(data, 8, hisRef, 0, hisRef.length);
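Review bot: The new bounds check runs after `Fields.bytesToLong(data)`, so a peer-supplied `data` shorter than 8 bytes reaches the boot ID parse before it is rejected; moving the guard above that call would cover both reads. The condition also dereferences `pn.jfkMyRef.length` unconditionally when `bothNoderefs` is true, while the log message guards against `pn.jfkMyRef==null`, so if null is possible the check throws before the message is built. Computing the size once keeps the check and the allocation from drifting apart: `final int hisRefLength = data.length - (bothNoderefs ? pn.jfkMyRef.length : 0) - 8;`, then `if(hisRefLength < 0) { ... return false; }` and `new byte[hisRefLength]`. The enclosing method starts and ends outside this hunk.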


