Skip to content

Commit

Permalink
Fixed major denial of service issue.
Browse files Browse the repository at this point in the history
  • Loading branch information
@irungentoo
irungentoo committed May 8, 2014
1 parent 52bfd7c commit 8902232
Showing 1 changed file with 2 additions and 3 deletions.
5 changes: 2 additions & 3 deletions toxcore/network.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -297,7 +297,6 @@ int sendpacket(Networking_Core *net, IP_Port ip_port, uint8_t *data, uint32_t le
* ip and port of sender is put into ip_port.
* Packet data is put into data.
* Packet length is put into length.
* Dump all empty packets.
*/
static int receivepacket(sock_t sock, IP_Port *ip_port, uint8_t *data, uint32_t *length)
{
Expand All @@ -311,7 +310,7 @@ static int receivepacket(sock_t sock, IP_Port *ip_port, uint8_t *data, uint32_t
*length = 0;
int fail_or_len = recvfrom(sock, (char *) data, MAX_UDP_PACKET_SIZE, 0, (struct sockaddr *)&addr, &addrlen);

if (fail_or_len <= 0) {
if (fail_or_len < 0) {
#ifdef LOGGING

if ((fail_or_len < 0) && (errno != EWOULDBLOCK)) {
Expand All @@ -320,7 +319,7 @@ static int receivepacket(sock_t sock, IP_Port *ip_port, uint8_t *data, uint32_t
}

#endif
return -1; /* Nothing received or empty packet. */
return -1; /* Nothing received. */
}

*length = (uint32_t)fail_or_len;
Expand Down

2 comments on commit 8902232

@joepie91
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What was the attack vector / cause of the vulnerability? In the interest of preventing regressions, this should probably be well-documented.

@irungentoo
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Empty packets made the receive loop end prematurely.

Please sign in to comment.