pohui_pohui/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-02-26 22:33:24 +00:00
Code Issues Actions4 Packages Projects Releases Wiki Activity

Fix vulnerability with "h.from == 0"

Browse Source 
// altered packed with "from == 0" can do Remote Node Administration without permission
This commit is contained in:
a_filonichev 2023-01-20 01:38:13 +02:00
parent 48ea836a5c
commit 3eaa054c68
1 changed files with 5 additions and 1 deletions

6
src/mesh/RadioLibInterface.cpp
View File

@ -347,7 +347,11 @@ QueueStatus RadioLibInterface::getQueueStatus()
airTime->logAirtime(RX_ALL_LOG, xmitMsec);
} else {
const PacketHeader *h = (PacketHeader *)radiobuf;
// altered packed with "from == 0" can do Remote Node Administration without permission
if (h->from == 0) {
LOG_WARN("ignoring received packet without sender\n");
return;
}
rxGood++;
// Note: we deliver _all_ packets to our router (i.e. our interface is intentionally promiscuous).