fix: warning on decode lenght

opentibiabr · Dec 21, 2024 · aa237aa · aa237aa
1 parent 34b6fa8
commit aa237aa
Showing 1 changed file with 11 additions and 5 deletions.
diff --git a/src/security/rsa.cpp b/src/security/rsa.cpp
@@ -164,25 +164,31 @@ enum {
 	CRYPT_RSA_ASN1_BITSTRING = 3
 };
 
-uint16_t RSA::decodeLength(char*&pos) const {
+uint16_t RSA::decodeLength(char*& pos) const {
 	std::array<uint8_t, 4> buffer = { 0 };
 	uint16_t length = static_cast<uint8_t>(*pos++);
 	if (length & 0x80) {
 		uint8_t numLengthBytes = length & 0x7F;
 		if (numLengthBytes > 4) {
-			g_logger().error("[RSA::loadPEM] - Invalid 'length'");
+			g_logger().error("[RSA::decodeLength] - Invalid 'length'");
 			return 0;
 		}
-		// Copy 'numLengthBytes' bytes from 'pos' into 'buffer', starting at the correct position
-		std::ranges::copy_n(pos, numLengthBytes, buffer.begin() + (4 - numLengthBytes));
+		// Adjust the copy destination to ensure it doesn't overflow
+		auto destIt = buffer.begin() + (4 - numLengthBytes);
+		if (destIt < buffer.begin() || destIt + numLengthBytes > buffer.end()) {
+			g_logger().error("[RSA::decodeLength] - Invalid copy range");
+			return 0;
+		}
+		// Copy 'numLengthBytes' bytes from 'pos' into 'buffer'
+		std::copy_n(pos, numLengthBytes, destIt);
 		pos += numLengthBytes;
 		// Reconstruct 'length' from 'buffer' (big-endian)
 		uint32_t tempLength = 0;
 		for (size_t i = 0; i < numLengthBytes; ++i) {
 			tempLength = (tempLength << 8) | buffer[4 - numLengthBytes + i];
 		}
 		if (tempLength > UINT16_MAX) {
-			g_logger().error("[RSA::loadPEM] - Length too large");
+			g_logger().error("[RSA::decodeLength] - Length too large");
 			return 0;
 		}
 		length = static_cast<uint16_t>(tempLength);