buffer Underflow vulnarability assertion check fix for RFC1751.cpp #5127
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Key Points: Error Handling: The btoe function now checks if strData is at least 8 bytes long, throwing an exception if not. Standardization: The standard function converts input words to a standardized format. Word Search: The wsrch function performs a binary search on the dictionary. Encoding and Decoding: Functions like etob and getKeyFromEnglish handle the conversion between binary data and English words. This complete code now includes necessary checks to prevent buffer underflow and ensures safer handling of input data.
Key Changes: Logging Improvements: Changed log messages to avoid directly logging sensitive data like IP addresses and ports. Used more generic messages to indicate configuration errors without exposing sensitive details. Error Handling: Used Rethrow() to propagate exceptions after logging a generic error message. Security Considerations: Ensure logs are securely stored and access is restricted to authorized personnel to prevent unauthorized access to potentially sensitive configuration details.
assertion added
|
Please kindly re-format this PR, as per to https://github.com/XRPLF/rippled/blob/develop/CONTRIBUTING.md#formatting Note, we are using old clang-format-10, but it's trivial to setup with the help of containerised ubuntu:20.04 (https://packages.ubuntu.com/focal/clang-format-10 ) |
|
Also, this PR seems to be removing existing comments from the codebase in a rather arbitrary manner, please do not do that without a good reason. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
an assertion check fix has been updated with the code
https://github.com/nathanogaga118/rippled/blob/develop/src/libxrpl/crypto/RFC1751.cpp
Key Changes and fixes:
Assertions Added:
In btoe: assert(strData.size() >= 8 && "strData must be at least 8 bytes long");
In getEnglishFromKey: assert(strKey.size() >= 16 && "strKey must be at least 16 bytes long");
These assertions ensure that the preconditions for the btoe function are met, preventing potential buffer underflow issues.