Initialise the length fields of the reader struct in decode_message, even if...

Initialise the length fields of the reader struct in decode_message, even if the message is invalid, fixes a crash where the message was too short

Initialise the length fields of the reader struct in decode_message, even if...
a4b29278 · Mark Haines · 76ecd85c · a4b29278 · a4b29278
Commit a4b29278 authored 9 years ago by Mark Haines
--- a/src/message.cpp
+++ b/src/message.cpp
@@ -204,13 +204,16 @@ void olm::decode_message(
    std::uint8_t const * end = input + input_length - mac_length;
    std::uint8_t const * unknown = nullptr;
-    if (pos == end) return;
-    reader.version = *(pos++);
    reader.input = input;
    reader.input_length = input_length;
    reader.has_counter = false;
    reader.ratchet_key = nullptr;
+    reader.ratchet_key_length = 0;
    reader.ciphertext = nullptr;
+    reader.ciphertext_length = 0;
+    if (pos == end) return;
+    reader.version = *(pos++);
    while (pos != end) {
        pos = decode(
@@ -284,12 +287,17 @@ void olm::decode_one_time_key_message(
    std::uint8_t const * end = input + input_length;
    std::uint8_t const * unknown = nullptr;
-    if (pos == end) return;
-    reader.version = *(pos++);
    reader.one_time_key = nullptr;
+    reader.one_time_key_length = 0;
    reader.identity_key = nullptr;
+    reader.identity_key_length = 0;
    reader.base_key = nullptr;
+    reader.base_key_length = 0;
    reader.message = nullptr;
+    reader.message_length = 0;
+    if (pos == end) return;
+    reader.version = *(pos++);
    while (pos != end) {
        pos = decode(

--- a/tests/test_olm_decrypt.cpp
+++ b/tests/test_olm_decrypt.cpp
@@ -3,7 +3,8 @@
 const char * test_cases[] = {
    "41776f",
-    "7fff6f0101346d671201"
+    "7fff6f0101346d671201",
+    "ee776f41496f674177804177778041776f6716670a677d6f670a67c2677d",
 };