Ensure that a DataTLV is not too long

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
This commit is contained in:
Yohann D'ANELLO 2020-12-21 16:04:13 +01:00
parent b96ff488e7
commit 7a25d24ba3
Signed by: ynerant
GPG Key ID: 3A75C55819C8CF85
3 changed files with 17 additions and 4 deletions

View File

@ -109,7 +109,10 @@ class Squirrel(Hazelnut):
self.refresh_input() self.refresh_input()
if not self.squinnondation.no_emoji: if not self.squinnondation.no_emoji:
self.refresh_emoji_pad() self.refresh_emoji_pad()
try:
key = self.squinnondation.screen.getkey(curses.LINES - 1, 3 + len(self.nickname) + self.input_index) key = self.squinnondation.screen.getkey(curses.LINES - 1, 3 + len(self.nickname) + self.input_index)
except curses.error:
continue
if key == "KEY_MOUSE": if key == "KEY_MOUSE":
try: try:
@ -169,7 +172,12 @@ class Squirrel(Hazelnut):
return return
elif key != "\n": elif key != "\n":
# Insert the pressed key in the current message # Insert the pressed key in the current message
self.input_buffer = self.input_buffer[:self.input_index] + key + self.input_buffer[self.input_index:] new_buffer = self.input_buffer[:self.input_index] + key + self.input_buffer[self.input_index:]
if len(DataTLV.construct(f"<{self.nickname}> {new_buffer}")) > 255 - 8 - 4:
# The message is too long to be sent once. We don't allow the user to type any other character.
curses.beep()
return
self.input_buffer = new_buffer
self.input_index += 1 self.input_index += 1
return return

View File

@ -183,6 +183,11 @@ class DataTLV(TLV):
nonce: int nonce: int
data: bytes data: bytes
def validate_data(self) -> bool:
if len(self.data) >= 256 - 4 - 8:
raise ValueError("The data is too long, the length is larger that one byte.")
return True
def unmarshal(self, raw_data: bytes) -> None: def unmarshal(self, raw_data: bytes) -> None:
self.type = raw_data[0] self.type = raw_data[0]
self.length = raw_data[1] self.length = raw_data[1]
@ -305,7 +310,7 @@ class Packet:
raise ValueError("The magic code of the packet must be 95, found: {:d}".format(self.magic)) raise ValueError("The magic code of the packet must be 95, found: {:d}".format(self.magic))
if self.version != 0: if self.version != 0:
raise ValueError("The version of the packet is not supported: {:d}".format(self.version)) raise ValueError("The version of the packet is not supported: {:d}".format(self.version))
if not (0 <= self.body_length <= 120): if not (0 <= self.body_length <= 1200):
raise ValueError("The body length of the packet is negative or too high. It must be between 0 and 1020," raise ValueError("The body length of the packet is negative or too high. It must be between 0 and 1020,"
"found: {:d}".format(self.body_length)) "found: {:d}".format(self.body_length))
return all(tlv.validate_data() for tlv in self.body) return all(tlv.validate_data() for tlv in self.body)

View File

@ -52,7 +52,7 @@ class Squinnondation:
instance.screen = screen instance.screen = screen
screen.addstr(0, 0, "Enter your nickname: ") screen.addstr(0, 0, "Enter your nickname: ")
curses.echo() curses.echo()
nickname = screen.getstr().decode("UTF-8") nickname = screen.getstr(225).decode("UTF-8") # Limit nickname length to be included in a DataTLV
curses.noecho() curses.noecho()
squirrel = Squirrel(instance, nickname) squirrel = Squirrel(instance, nickname)