Fix checks for additional data at the end.

GitOrigin-RevId: 66067600bec585ad2c310c7adc263a5e88232653
This commit is contained in:
levlam 2019-07-11 03:12:27 +03:00
parent ae4a73645b
commit 64517c9165
4 changed files with 7 additions and 2 deletions

View File

@ -479,6 +479,7 @@ Status SessionConnection::on_slice_packet(const MsgInfo &info, Slice packet) {
} }
TlParser parser(packet); TlParser parser(packet);
tl_object_ptr<mtproto_api::Object> object = mtproto_api::Object::fetch(parser); tl_object_ptr<mtproto_api::Object> object = mtproto_api::Object::fetch(parser);
parser.fetch_end();
if (parser.get_error()) { if (parser.get_error()) {
// msg_container is not real tl object // msg_container is not real tl object
if (packet.size() >= 4 && as<int32>(packet.begin()) == mtproto_api::msg_container::ID) { if (packet.size() >= 4 && as<int32>(packet.begin()) == mtproto_api::msg_container::ID) {

View File

@ -102,16 +102,17 @@ Result<SimpleConfig> decode_config(Slice input) {
TlParser len_parser{data_cbc}; TlParser len_parser{data_cbc};
int len = len_parser.fetch_int(); int len = len_parser.fetch_int();
if (len < 0 || len > 204) { if (len < 8 || len > 208) {
return Status::Error(PSLICE() << "Invalid " << tag("data length", len) << " after aes_cbc_decrypt"); return Status::Error(PSLICE() << "Invalid " << tag("data length", len) << " after aes_cbc_decrypt");
} }
int constructor_id = len_parser.fetch_int(); int constructor_id = len_parser.fetch_int();
if (constructor_id != telegram_api::help_configSimple::ID) { if (constructor_id != telegram_api::help_configSimple::ID) {
return Status::Error(PSLICE() << "Wrong " << tag("constructor", format::as_hex(constructor_id))); return Status::Error(PSLICE() << "Wrong " << tag("constructor", format::as_hex(constructor_id)));
} }
BufferSlice raw_config(data_cbc.substr(8, len)); BufferSlice raw_config(data_cbc.substr(8, len - 8));
TlBufferParser parser{&raw_config}; TlBufferParser parser{&raw_config};
auto config = telegram_api::help_configSimple::fetch(parser); auto config = telegram_api::help_configSimple::fetch(parser);
parser.fetch_end();
TRY_STATUS(parser.get_status()); TRY_STATUS(parser.get_status());
return std::move(config); return std::move(config);
} }

View File

@ -895,6 +895,7 @@ Status SecretChatActor::do_inbound_message_encrypted(unique_ptr<logevent::Inboun
Status status; Status status;
if (id == secret_api::decryptedMessageLayer::ID) { if (id == secret_api::decryptedMessageLayer::ID) {
auto message_with_layer = secret_api::decryptedMessageLayer::fetch(parser); auto message_with_layer = secret_api::decryptedMessageLayer::fetch(parser);
parser.fetch_end();
if (!parser.get_error()) { if (!parser.get_error()) {
auto layer = message_with_layer->layer_; auto layer = message_with_layer->layer_;
if (layer < DEFAULT_LAYER && false /*TODO: fix android app bug? */) { if (layer < DEFAULT_LAYER && false /*TODO: fix android app bug? */) {
@ -930,6 +931,7 @@ Status SecretChatActor::do_inbound_message_encrypted(unique_ptr<logevent::Inboun
if (config_state_.his_layer == 8) { if (config_state_.his_layer == 8) {
TlBufferParser new_parser(&data_buffer); TlBufferParser new_parser(&data_buffer);
auto message_without_layer = secret_api::DecryptedMessage::fetch(new_parser); auto message_without_layer = secret_api::DecryptedMessage::fetch(new_parser);
parser.fetch_end();
if (!new_parser.get_error()) { if (!new_parser.get_error()) {
message->decrypted_message_layer = secret_api::make_object<secret_api::decryptedMessageLayer>( message->decrypted_message_layer = secret_api::make_object<secret_api::decryptedMessageLayer>(
BufferSlice(), config_state_.his_layer, -1, -1, std::move(message_without_layer)); BufferSlice(), config_state_.his_layer, -1, -1, std::move(message_without_layer));

View File

@ -3580,6 +3580,7 @@ void Td::on_result(NetQueryPtr query) {
auto ok = query->move_as_ok(); auto ok = query->move_as_ok();
TlBufferParser parser(&ok); TlBufferParser parser(&ok);
auto ptr = telegram_api::Updates::fetch(parser); auto ptr = telegram_api::Updates::fetch(parser);
parser.fetch_end();
if (parser.get_error()) { if (parser.get_error()) {
LOG(ERROR) << "Failed to fetch update: " << parser.get_error() << format::as_hex_dump<4>(ok.as_slice()); LOG(ERROR) << "Failed to fetch update: " << parser.get_error() << format::as_hex_dump<4>(ok.as_slice());
updates_manager_->schedule_get_difference("failed to fetch update"); updates_manager_->schedule_get_difference("failed to fetch update");