From 43540d51bc49e610e83d4fd822134b74221993e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juhani=20Krekel=C3=A4?=
Date: Tue, 9 Jul 2019 16:22:55 +0300
Subject: [PATCH] Check padding
---
 ethermess.c | 34 ++++++++++++++++++++++++++++++----
 1 file changed, 30 insertions(+), 4 deletions(-)
diff --git a/ethermess.c b/ethermess.c
index ec99b3a..473f4ec 100644
--- a/ethermess.c
+++ b/ethermess.c
@@ -233,6 +233,20 @@ void read_command(void) {
 }
 }

+bool check_padding(const unsigned char *data, size_t index, size_t data_length) {
+ // Valid padding is all zero bytes
+ assert(index <= data_length);
+ for (size_t i = index; i < data_length; i++) {
+ if (data[i] != 0) {
+ // Check failed
+ return false;
+ }
+ }
+
+ // Check succeeded
+ return true;
+}
+
 void handle_status(const unsigned char source_mac[6], const unsigned char *data, size_t data_length) {
 if (data_length < 2) {
 // Too short
@@ -259,6 +273,11 @@ void handle_status(const unsigned char source_mac[6], const unsigned char *data,
 unsigned char nick[256];
 memcpy(nick, &data[2], nick_length);

+ if (!check_padding(data, 2 + nick_length, data_length)) {
+ // Malformed padding
+ return;
+ }
+
 // TODO: check that nick is valid utf-8 with no control chars

 char mac[18];
@@ -303,6 +322,11 @@ void handle_msgid(const unsigned char source_mac[6], const unsigned char *data,

 uint16_t msgid = data[0] << 8 | data[1];

+ if (!check_padding(data, 2, data_length)) {
+ // Malformed padding
+ return;
+ }
+
 ssize_t cache_index = msgid_cache_lookup(source_mac);
 if (cache_index == -1) {
 // Not in the cache, so add it there
@@ -375,7 +399,9 @@ void process_frame(void) {
 // Process the packet based on the packet type
 switch (packet_type) {
 case EMT_STATUS_REQUEST:
- send_status(source_mac);
+ if (check_padding(&frame[16], 0, packet_length - 16)) {
+ send_status(source_mac);
+ }
 break;

 case EMT_STATUS:
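Review bot: `assert(index <= data_length);` in check_padding guards values that callers derive from a received frame, so a violated bound aborts the process in a normal build. With NDEBUG defined the assert is compiled out, the loop never runs, and the function reports valid padding. An explicit runtime check, `if (index > data_length) return false;`, rejects the frame in both builds. Whether every caller already guarantees the bound (for example `2 + nick_length <= data_length` in handle_status) is decided outside the visible hunks. A short comment that `index == data_length` means "no padding" and returns true would also help.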
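Review bot: A status packet with non-zero padding is dropped in handle_status with a bare `return;`, so nothing records that a malformed frame arrived. The same silent return is added in handle_msgid, and the two request cases in process_frame skip the reply without a trace. process_frame already reports unknown types with `fprintf(stderr, "Ignoring packet of type %i\n", packet_type);`, and a matching line such as `fprintf(stderr, "Ignoring status packet with malformed padding\n");` would make these drops visible when diagnosing a misbehaving peer. handle_status starts and ends outside the hunk.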
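Review bot: `packet_length - 16` in the EMT_STATUS_REQUEST case becomes a very large size_t once passed to check_padding if packet_length can be below 16, and the loop would then read far past the end of `frame`. The same expression appears in the EMT_MSGID_REQUEST case in the next hunk. The lower bound is presumably checked earlier in process_frame, which starts outside this hunk; please confirm it or make the guard local, `if (packet_length >= 16 && check_padding(&frame[16], 0, packet_length - 16)) {`. The literal 16 is used both as the offset and in the subtraction, and would read better as one named constant.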
@@ -383,7 +409,9 @@ void process_frame(void) {
 break;

 case EMT_MSGID_REQUEST:
- send_msgid(source_mac);
+ if (check_padding(&frame[16], 0, packet_length - 16)) {
+ send_msgid(source_mac);
+ }
 break;

 case EMT_MSGID:
@@ -393,8 +421,6 @@ void process_frame(void) {
 default:
 fprintf(stderr, "Ignoring packet of type %i\n", packet_type);
 }
-
- // TODO: Check that padding, if any, is all zeroes
 }

 void eventloop(void) {