From 88ab6f5c76ca8f64afb501bf73e643d85611dea3 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Fri, 1 Jan 2021 18:41:01 +0100
Subject: [PATCH] More security in TLV analysis
---
 squinnondation/messages.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/squinnondation/messages.py b/squinnondation/messages.py
index 2b15993..a5304f7 100644
--- a/squinnondation/messages.py
+++ b/squinnondation/messages.py
@@ -120,7 +120,7 @@ class PadNTLV(TLV):
 def handle(self, squirrel: Any, sender: Any) -> None:
 # TODO Add some easter eggs
- squirrel.add_system_message(f"I received {self.length} zeros, am I so a bag guy ? :cold_sweat:")
+ squirrel.add_system_message(f"I received {self.length} zeros, am I so a bad guy ? :cold_sweat:")
 @staticmethod
 def construct(length: int) -> "PadNTLV":
@@ -201,6 +201,11 @@ class NeighbourTLV(TLV):
 ip_address: IPv6Address
 port: int
+ def validate_data(self) -> bool:
+ if not (1 <= self.port <= 65535):
+ raise ValueError(f"Invalid port received in NeighbourTLV: {self.port}")
+ return True
+
 def unmarshal(self, raw_data: bytes) -> None:
 self.type = raw_data[0]
 self.length = raw_data[1]
@@ -259,7 +264,6 @@ class DataTLV(TLV):
 def handle(self, squirrel: Any, sender: Any) -> None:
 """
 A message has been sent. We log it.
- TODO: Check that the tuple (sender_id, nonce) is unique to avoid duplicates.
 """
 msg = self.data.decode('UTF-8')
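Review bot: `validate_data` in NeighbourTLV checks only `port`, so the peer-supplied `ip_address` is still accepted unchecked; an unspecified or multicast address advertised by a remote peer would pass validation. Consider adding `if self.ip_address.is_unspecified or self.ip_address.is_multicast:` followed by `raise ValueError(f"Invalid address received in NeighbourTLV: {self.ip_address}")` before the `return True`. The method either raises or returns True, never False, so a docstring such as `"""Reject a neighbour with an out-of-range port; raises ValueError, otherwise returns True."""` would make that contract explicit. The call site and the handler for this ValueError are outside the hunk, so it is worth confirming that a malformed TLV is dropped rather than ending the receive loop.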