From 97688ed07455a7822bd3163443cd92ba2506878a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Joakim=20Frosteg=C3=A5rd?= Date: Fri, 2 Feb 2024 14:08:08 +0100 Subject: [PATCH] udp: disallow announce requests with port value of 0 --- CHANGELOG.md | 1 + crates/udp_protocol/src/request.rs | 14 ++++++++++---- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 13746dc..560f800 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,6 +39,7 @@ #### Fixed * Quit whole application if any worker thread quits +* Disallow announce requests with port value of 0 ### aquatic_http diff --git a/crates/udp_protocol/src/request.rs b/crates/udp_protocol/src/request.rs index a60791b..cea19c4 100644 --- a/crates/udp_protocol/src/request.rs +++ b/crates/udp_protocol/src/request.rs @@ -58,15 +58,21 @@ impl Request { let request = AnnounceRequest::read_from_prefix(bytes) .ok_or_else(|| RequestParseError::unsendable_text("invalid data"))?; - // Make sure not to create AnnounceEventBytes with invalid value - if matches!(request.event.0.get(), (0..=3)) { - Ok(Request::Announce(request)) - } else { + if request.port.0.get() == 0 { + Err(RequestParseError::sendable_text( + "Port can't be 0", + request.connection_id, + request.transaction_id, + )) + } else if !matches!(request.event.0.get(), (0..=3)) { + // Make sure not to allow AnnounceEventBytes with invalid value Err(RequestParseError::sendable_text( "Invalid announce event", request.connection_id, request.transaction_id, )) + } else { + Ok(Request::Announce(request)) } } // Scrape