{
SilcBuffer tmpbuf = NULL;
unsigned char tmp[4], *str = NULL, *ret;
- int len;
+ SilcUInt32 len;
/* Encode according to attribute type */
if (flags & SILC_ATTRIBUTE_FLAG_VALID) {
case SILC_ATTRIBUTE_SERVICE:
{
SilcAttributeObjService *service = object;
+ SilcUInt32 len2;
if (object_size != sizeof(*service))
return NULL;
len = strlen(service->address);
- str = silc_malloc(7 + len);
- if (!str)
- return NULL;
- SILC_PUT32_MSB(service->port, str);
- SILC_PUT16_MSB(len, str + 4);
- memcpy(str + 6, service->address, len);
- str[6 + len] = service->status;
- object = str;
- object_size = 7 + len;
+ len2 = strlen(service->signon);
+ tmpbuf = silc_buffer_alloc_size(13 + len + len2);
+ silc_buffer_format(tmpbuf,
+ SILC_STR_UI_INT(service->port),
+ SILC_STR_UI_SHORT(len),
+ SILC_STR_UI_XNSTRING(service->address, len),
+ SILC_STR_UI_CHAR(service->status),
+ SILC_STR_UI_SHORT(len2),
+ SILC_STR_UI_XNSTRING(service->signon, len2),
+ SILC_STR_UI_INT(service->idle),
+ SILC_STR_END);
+ object = tmpbuf->data;
+ object_size = tmpbuf->len;
}
break;
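Review bot: The result of `silc_buffer_alloc_size(13 + len + len2)` is used without a NULL check, whereas the removed `silc_malloc` path returned NULL on allocation failure; `silc_buffer_format` and the `tmpbuf->data` read would then operate on a null buffer. Add `if (!tmpbuf) return NULL;` directly after the allocation. The return value of `silc_buffer_format` is also ignored, and `len`/`len2` are written as 16-bit fields, so a short comment should state that `service->address` and `service->signon` are fixed-size, NUL-terminated arrays (presumably, given the `sizeof(service->address)` use in the decoder hunk) and cannot exceed 65535 bytes.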
case SILC_ATTRIBUTE_GEOLOCATION:
{
SilcAttributeObjGeo *geo = object;
- int len1, len2, len3, len4;
+ SilcUInt32 len1, len2, len3, len4;
if (object_size != sizeof(*geo))
return NULL;
len1 = (geo->longitude ? strlen(geo->longitude) : 0);
case SILC_ATTRIBUTE_DEVICE_INFO:
{
SilcAttributeObjDevice *dev = object;
- int len1, len2, len3, len4;
+ SilcUInt32 len1, len2, len3, len4;
if (object_size != sizeof(*dev))
return NULL;
len1 = (dev->manufacturer ? strlen(dev->manufacturer) : 0);
attr->data =
silc_attribute_payload_encode_int(attribute, flags, object,
object_size, &tmp_len);
- attr->data_len = (SilcUInt32)tmp_len;
+ attr->data_len = (SilcUInt16)tmp_len;
if (!attr->data) {
silc_free(attr);
return NULL;
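Review bot: The `(SilcUInt16)tmp_len` cast silently wraps any encoded length above 65535, which would leave `attr->data_len` smaller than the buffer `attr->data` actually holds. If `silc_attribute_payload_encode_int` can return more than 0xffff bytes (not visible in this hunk), the attribute should be rejected rather than truncated, e.g. `if (attr->data && tmp_len > 0xffff) { silc_free(attr->data); attr->data = NULL; }` placed before the existing `if (!attr->data)` check. The enclosing function starts and ends outside the hunk.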
SilcBufferStruct buffer;
SilcDList list;
SilcAttributePayload newp;
- int len, ret;
+ SilcUInt32 len;
+ int ret;
SILC_LOG_DEBUG(("Parsing Attribute Payload list"));
if (ret == -1)
goto err;
- if (newp->data_len > buffer.len) {
+ if (newp->data_len > buffer.len - 4) {
SILC_LOG_ERROR(("Incorrect attribute payload in list"));
goto err;
}
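Review bot: `buffer.len - 4` is evaluated in unsigned arithmetic if `buffer.len` is the unsigned length the other hunks treat it as, so a remaining length below 4 would wrap and let any `data_len` pass the comparison. The unformat call above the hunk probably guarantees the four header bytes whenever `ret != -1`, but the check is easier to trust when it does not rely on that: `if (buffer.len < 4 || newp->data_len > buffer.len - 4) {`. A comment such as `/* 4 = attribute type + flags + 16-bit length */` would also explain the constant, matching the fields written by the `SILC_STR_UI_CHAR(attribute)` / `SILC_STR_UI_SHORT((SilcUInt16)data_len)` encoder hunk.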
SilcUInt32 data_len)
{
SilcBuffer buffer = attrs;
- int len;
+ SilcUInt32 len;
- len = 4 + data_len;
+ len = 4 + (SilcUInt16)data_len;
buffer = silc_buffer_realloc(buffer,
(buffer ? buffer->truelen + len : len));
if (!buffer)
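Review bot: `data_len` is a `SilcUInt32` parameter that is narrowed with `(SilcUInt16)` here and twice more in the format call of the next hunk, so a caller passing more than 65535 bytes gets a shorter attribute encoded with no error reported. Validate the range once before the realloc, `if (data_len > 0xffff) return NULL;` (or whatever the function's failure value is; its return statements are outside the hunk), and then the three casts can go. How the existing `if (!buffer)` path treats the caller's `attrs` is not visible here, so the early return should follow the same ownership rule.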
SILC_STR_UI_CHAR(attribute),
SILC_STR_UI_CHAR(flags),
SILC_STR_UI_SHORT((SilcUInt16)data_len),
- SILC_STR_UI_XNSTRING(data, data_len),
+ SILC_STR_UI_XNSTRING(data, (SilcUInt16)data_len),
SILC_STR_END);
silc_buffer_push(buffer, buffer->data - buffer->head);
case SILC_ATTRIBUTE_SERVICE:
{
SilcAttributeObjService *service = object;
+ SilcBufferStruct buf;
+ SilcUInt16 addr_len, signon_len;
+ char *addr, *signon;
+ int res;
if (object_size != sizeof(*service))
break;
- if (payload->data_len < 7)
+ if (payload->data_len < 13)
break;
- SILC_GET32_MSB(service->port, payload->data);
- SILC_GET16_MSB(len, payload->data + 4);
- if (payload->data_len < 7 + len)
+ silc_buffer_set(&buf, payload->data, payload->data_len);
+ res = silc_buffer_unformat(&buf,
+ SILC_STR_UI_INT(&service->port),
+ SILC_STR_UI16_NSTRING(&addr, &addr_len),
+ SILC_STR_UI_CHAR(&service->status),
+ SILC_STR_UI16_NSTRING(&signon, &signon_len),
+ SILC_STR_UI_INT(&service->idle),
+ SILC_STR_END);
+ if (res == -1)
break;
- memcpy(service->address, payload->data + 6,
- (len < sizeof(service->address) - 1 ? len :
+ memset(service->address, 0, sizeof(service->address));
+ memset(service->signon, 0, sizeof(service->signon));
+ memcpy(service->address, addr,
+ (addr_len < sizeof(service->address) - 1 ? addr_len :
sizeof(service->address) - 1));
- service->status = payload->data[6 + len] ? TRUE : FALSE;
+ memcpy(service->signon, signon,
+ (signon_len < sizeof(service->signon) - 1 ? signon_len :
+ sizeof(service->signon) - 1));
ret = TRUE;
}
break;
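Review bot: `SILC_STR_UI_CHAR(&service->status)` now stores the raw wire byte in `service->status`, while the removed line normalised it with `? TRUE : FALSE`; any non-zero value from the peer now reaches callers unchanged, and if `status` is wider than one byte (its type is not visible here) only part of the field is written. Decode into a local and keep the normalisation: declare `unsigned char status;`, pass `SILC_STR_UI_CHAR(&status),` and, after the `res` check, set `service->status = status ? TRUE : FALSE;`. The bounded `memcpy` calls after the two `memset` calls keep `address` and `signon` NUL-terminated, which deserves a comment such as `/* Truncate peer-supplied strings to fit; arrays stay NUL-terminated */`.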
silc_buffer_unformat(&buffer,
SILC_STR_UI16_NSTRING_ALLOC(&pk->type, &len),
SILC_STR_END);
- if (res == -1)
+ if (res == -1 || len > buffer.len - 2)
break;
pk->data = silc_memdup(payload->data + 2 + len,
payload->data_len - 2 - len);
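Review bot: On the new `len > buffer.len - 2` rejection, `pk->type` has already been allocated by `SILC_STR_UI16_NSTRING_ALLOC` and the `break` leaves it set; unless the caller frees it after a failed decode (not visible here), each malformed payload leaks that allocation. Consider handling it as its own branch, `if (len > buffer.len - 2) { silc_free(pk->type); pk->type = NULL; break; }`. The bound is checked against `buffer.len` while the copy length is `payload->data_len - 2 - len`, so it only protects the subtraction if `buffer` was set from `payload->data`/`payload->data_len` above the hunk; comparing against `payload->data_len` directly would make that explicit. The result of `silc_memdup` is not checked in the visible lines.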