From 5b77bd5aa08f0fececa781a308a20a386cc1dd10 Mon Sep 17 00:00:00 2001 From: John Preston Date: Mon, 4 Sep 2017 14:53:14 +0300 Subject: [PATCH] Limit maximum IP length in case of corrupted data. --- Telegram/SourceFiles/mtproto/dc_options.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Telegram/SourceFiles/mtproto/dc_options.cpp b/Telegram/SourceFiles/mtproto/dc_options.cpp index 149ee5a6ec..b872cc7d93 100644 --- a/Telegram/SourceFiles/mtproto/dc_options.cpp +++ b/Telegram/SourceFiles/mtproto/dc_options.cpp @@ -281,6 +281,14 @@ void DcOptions::constructFromSerialized(const QByteArray &serialized) { for (auto i = 0; i != count; ++i) { qint32 id = 0, flags = 0, port = 0, ipSize = 0; stream >> id >> flags >> port >> ipSize; + + // https://stackoverflow.com/questions/1076714/max-length-for-client-ip-address + constexpr auto kMaxIpSize = 45; + if (ipSize > kMaxIpSize) { + LOG(("MTP Error: Bad data inside DcOptions::constructFromSerialized()")); + return; + } + std::string ip(ipSize, ' '); stream.readRawData(&ip[0], ipSize);