@Mauller Mauller commented Dec 11, 2025

This is a continuation of an earlier orphaned PR
Closes: #1668


This PR fixes two possible buffer overflows in NetPacket file handling messages.

We are expecting the received message to be in a particular format and for strings received to be null terminated.
But the original code never checked if we had exceeded the size of the buffer in which the string will be stored.

The size of the buffer cannot be changed as it relates to the maximum path length supported within Windows when long file paths are not in use.

Strlcpy will return the length of the original string beyond the size of the buffer but will only copy up to the buffer size-1. The rest of the code is safe from malicious behaviour, but a malformed packet may still cause unexpected behaviour.

@Mauller Mauller added this to the Major bug fixes milestone Dec 11, 2025
@Mauller Mauller self-assigned this Dec 11, 2025
@Mauller Mauller added the Bug, Critical, Network, Gen, ZH and Security labels Dec 11, 2025

@xezon xezon left a comment

Very secure.

…e() and NetPacket::readFileAnnounceMessage()

Co-authored-by: JBremer <jbremer@users.noreply.github.com>
Co-authored-by: SkyAero <Skyaero42@users.noreply.github.com>
@Mauller Mauller force-pushed the Mauller/fix-buffer-overflow-netpacket branch from 60516eb to f101fdd Compare December 12, 2025 22:06
Mauller commented Dec 12, 2025

Updated from feedback.

@xezon xezon merged commit 38abe9e into TheSuperHackers:main Dec 13, 2025
23 checks passed
jbremer commented Dec 13, 2025

Nice. Technically I think this still allows OOB reads when the input is not nul-terminated, but in practice I don't think that's an issue. Great work, thanks for making it slightly more secure ;-)

@Mauller Mauller deleted the Mauller/fix-buffer-overflow-netpacket branch December 13, 2025 15:55
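
An added example, not code from this PR or the project: a bounded string read in C covering both cases raised in the thread, a string longer than the destination buffer (truncated to size-1, as strlcpy does) and a packet with no NUL terminator (rejected rather than read past its end). The function names, the `PATH_BUF_SIZE` value of 260 and the packet contents are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PATH_BUF_SIZE 260 /* assumed: Windows MAX_PATH without long paths */

enum read_status { READ_OK, READ_TRUNCATED, READ_UNTERMINATED };

/* Reads one NUL-terminated string from pkt at *offset into dst.
 * Never reads past pkt + pkt_len, never writes past dst + dst_size.
 * On READ_OK / READ_TRUNCATED, *offset moves past the terminator. */
static enum read_status read_packet_string(const uint8_t *pkt, size_t pkt_len,
                                           size_t *offset,
                                           char *dst, size_t dst_size)
{
    if (dst_size == 0)
        return READ_UNTERMINATED;
    dst[0] = '\0';
    if (*offset >= pkt_len)
        return READ_UNTERMINATED;

    const uint8_t *start = pkt + *offset;
    /* Bound the terminator search by the bytes actually received. */
    const uint8_t *nul = memchr(start, 0, pkt_len - *offset);
    if (nul == NULL)
        return READ_UNTERMINATED; /* malformed packet: caller should drop it */

    size_t src_len = (size_t)(nul - start);
    size_t copy_len = src_len < dst_size ? src_len : dst_size - 1;
    memcpy(dst, start, copy_len);
    dst[copy_len] = '\0';
    *offset += src_len + 1; /* skip the whole source string, not just the copy */
    return src_len < dst_size ? READ_OK : READ_TRUNCATED;
}

/* Constructed sample packet: n 'A' bytes, optionally NUL-terminated. */
static enum read_status demo(size_t n, int terminated,
                             size_t *out_len, size_t *out_off)
{
    uint8_t pkt[1024];
    char path[PATH_BUF_SIZE];
    size_t off = 0;
    memset(pkt, 'A', n);
    if (terminated)
        pkt[n] = 0;
    enum read_status st = read_packet_string(pkt, n + (terminated ? 1 : 0),
                                             &off, path, sizeof path);
    *out_len = strlen(path);
    *out_off = off;
    return st;
}
```

Treating `READ_TRUNCATED` as an error is usually the safer choice for file paths, since a silently shortened path can name a different file than the sender specified.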