fix: warning on decode lenght (opentibiabr#3188)

Resolves opentibiabr#3002
vllworldbuilding · Dec 21, 2024 · 145da70 · 145da70
1 parent ba2c41f
commit 145da70
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/src/security/rsa.cpp b/src/security/rsa.cpp
@@ -170,19 +170,25 @@ uint16_t RSA::decodeLength(char*&pos) const {
 	if (length & 0x80) {
 		uint8_t numLengthBytes = length & 0x7F;
 		if (numLengthBytes > 4) {
-			g_logger().error("[RSA::loadPEM] - Invalid 'length'");
+			g_logger().error("[RSA::decodeLength] - Invalid 'length'");
 			return 0;
 		}
-		// Copy 'numLengthBytes' bytes from 'pos' into 'buffer', starting at the correct position
-		std::ranges::copy_n(pos, numLengthBytes, buffer.begin() + (4 - numLengthBytes));
+		// Adjust the copy destination to ensure it doesn't overflow
+		auto destIt = buffer.begin() + (4 - numLengthBytes);
+		if (destIt < buffer.begin() || destIt + numLengthBytes > buffer.end()) {
+			g_logger().error("[RSA::decodeLength] - Invalid copy range");
+			return 0;
+		}
+		// Copy 'numLengthBytes' bytes from 'pos' into 'buffer'
+		std::copy_n(pos, numLengthBytes, destIt);
 		pos += numLengthBytes;
 		// Reconstruct 'length' from 'buffer' (big-endian)
 		uint32_t tempLength = 0;
 		for (size_t i = 0; i < numLengthBytes; ++i) {
 			tempLength = (tempLength << 8) | buffer[4 - numLengthBytes + i];
 		}
 		if (tempLength > UINT16_MAX) {
-			g_logger().error("[RSA::loadPEM] - Length too large");
+			g_logger().error("[RSA::decodeLength] - Length too large");
 			return 0;
 		}
 		length = static_cast<uint16_t>(tempLength);