Fix checks for additional data at the end.
GitOrigin-RevId: 66067600bec585ad2c310c7adc263a5e88232653
This commit is contained in:
parent
ae4a73645b
commit
64517c9165
@ -479,6 +479,7 @@ Status SessionConnection::on_slice_packet(const MsgInfo &info, Slice packet) {
|
|||||||
}
|
}
|
||||||
TlParser parser(packet);
|
TlParser parser(packet);
|
||||||
tl_object_ptr<mtproto_api::Object> object = mtproto_api::Object::fetch(parser);
|
tl_object_ptr<mtproto_api::Object> object = mtproto_api::Object::fetch(parser);
|
||||||
|
parser.fetch_end();
|
||||||
if (parser.get_error()) {
|
if (parser.get_error()) {
|
||||||
// msg_container is not real tl object
|
// msg_container is not real tl object
|
||||||
if (packet.size() >= 4 && as<int32>(packet.begin()) == mtproto_api::msg_container::ID) {
|
if (packet.size() >= 4 && as<int32>(packet.begin()) == mtproto_api::msg_container::ID) {
|
||||||
|
@ -102,16 +102,17 @@ Result<SimpleConfig> decode_config(Slice input) {
|
|||||||
|
|
||||||
TlParser len_parser{data_cbc};
|
TlParser len_parser{data_cbc};
|
||||||
int len = len_parser.fetch_int();
|
int len = len_parser.fetch_int();
|
||||||
if (len < 0 || len > 204) {
|
if (len < 8 || len > 208) {
|
||||||
return Status::Error(PSLICE() << "Invalid " << tag("data length", len) << " after aes_cbc_decrypt");
|
return Status::Error(PSLICE() << "Invalid " << tag("data length", len) << " after aes_cbc_decrypt");
|
||||||
}
|
}
|
||||||
int constructor_id = len_parser.fetch_int();
|
int constructor_id = len_parser.fetch_int();
|
||||||
if (constructor_id != telegram_api::help_configSimple::ID) {
|
if (constructor_id != telegram_api::help_configSimple::ID) {
|
||||||
return Status::Error(PSLICE() << "Wrong " << tag("constructor", format::as_hex(constructor_id)));
|
return Status::Error(PSLICE() << "Wrong " << tag("constructor", format::as_hex(constructor_id)));
|
||||||
}
|
}
|
||||||
BufferSlice raw_config(data_cbc.substr(8, len));
|
BufferSlice raw_config(data_cbc.substr(8, len - 8));
|
||||||
TlBufferParser parser{&raw_config};
|
TlBufferParser parser{&raw_config};
|
||||||
auto config = telegram_api::help_configSimple::fetch(parser);
|
auto config = telegram_api::help_configSimple::fetch(parser);
|
||||||
|
parser.fetch_end();
|
||||||
TRY_STATUS(parser.get_status());
|
TRY_STATUS(parser.get_status());
|
||||||
return std::move(config);
|
return std::move(config);
|
||||||
}
|
}
|
||||||
|
@ -895,6 +895,7 @@ Status SecretChatActor::do_inbound_message_encrypted(unique_ptr<logevent::Inboun
|
|||||||
Status status;
|
Status status;
|
||||||
if (id == secret_api::decryptedMessageLayer::ID) {
|
if (id == secret_api::decryptedMessageLayer::ID) {
|
||||||
auto message_with_layer = secret_api::decryptedMessageLayer::fetch(parser);
|
auto message_with_layer = secret_api::decryptedMessageLayer::fetch(parser);
|
||||||
|
parser.fetch_end();
|
||||||
if (!parser.get_error()) {
|
if (!parser.get_error()) {
|
||||||
auto layer = message_with_layer->layer_;
|
auto layer = message_with_layer->layer_;
|
||||||
if (layer < DEFAULT_LAYER && false /*TODO: fix android app bug? */) {
|
if (layer < DEFAULT_LAYER && false /*TODO: fix android app bug? */) {
|
||||||
@ -930,6 +931,7 @@ Status SecretChatActor::do_inbound_message_encrypted(unique_ptr<logevent::Inboun
|
|||||||
if (config_state_.his_layer == 8) {
|
if (config_state_.his_layer == 8) {
|
||||||
TlBufferParser new_parser(&data_buffer);
|
TlBufferParser new_parser(&data_buffer);
|
||||||
auto message_without_layer = secret_api::DecryptedMessage::fetch(new_parser);
|
auto message_without_layer = secret_api::DecryptedMessage::fetch(new_parser);
|
||||||
|
parser.fetch_end();
|
||||||
if (!new_parser.get_error()) {
|
if (!new_parser.get_error()) {
|
||||||
message->decrypted_message_layer = secret_api::make_object<secret_api::decryptedMessageLayer>(
|
message->decrypted_message_layer = secret_api::make_object<secret_api::decryptedMessageLayer>(
|
||||||
BufferSlice(), config_state_.his_layer, -1, -1, std::move(message_without_layer));
|
BufferSlice(), config_state_.his_layer, -1, -1, std::move(message_without_layer));
|
||||||
|
@ -3580,6 +3580,7 @@ void Td::on_result(NetQueryPtr query) {
|
|||||||
auto ok = query->move_as_ok();
|
auto ok = query->move_as_ok();
|
||||||
TlBufferParser parser(&ok);
|
TlBufferParser parser(&ok);
|
||||||
auto ptr = telegram_api::Updates::fetch(parser);
|
auto ptr = telegram_api::Updates::fetch(parser);
|
||||||
|
parser.fetch_end();
|
||||||
if (parser.get_error()) {
|
if (parser.get_error()) {
|
||||||
LOG(ERROR) << "Failed to fetch update: " << parser.get_error() << format::as_hex_dump<4>(ok.as_slice());
|
LOG(ERROR) << "Failed to fetch update: " << parser.get_error() << format::as_hex_dump<4>(ok.as_slice());
|
||||||
updates_manager_->schedule_get_difference("failed to fetch update");
|
updates_manager_->schedule_get_difference("failed to fetch update");
|
||||||
|
Reference in New Issue
Block a user