pohui_pohui/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-08-06 05:34:45 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

Merge pull request #2179 from nukevoid/master

Browse Source 
Fix vulnerability with "h.from == 0"
This commit is contained in:
GUVWAF 2023-01-21 12:37:50 +01:00 committed by GitHub
commit c628c70db2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/mesh/RadioLibInterface.cpp
View File

@ -347,8 +347,12 @@ QueueStatus RadioLibInterface::getQueueStatus()
airTime->logAirtime(RX_ALL_LOG, xmitMsec); airTime->logAirtime(RX_ALL_LOG, xmitMsec);
} else { } else {
const PacketHeader *h = (PacketHeader *)radiobuf; const PacketHeader *h = (PacketHeader *)radiobuf;
rxGood++; rxGood++;
// altered packet with "from == 0" can do Remote Node Administration without permission
if (h->from == 0) {
LOG_WARN("ignoring received packet without sender\n");
return;
}
// Note: we deliver _all_ packets to our router (i.e. our interface is intentionally promiscuous). // Note: we deliver _all_ packets to our router (i.e. our interface is intentionally promiscuous).
// This allows the router and other apps on our node to sniff packets (usually routing) between other // This allows the router and other apps on our node to sniff packets (usually routing) between other