From 3eaa054c6832604c6b2b7491b7639466cf9f1820 Mon Sep 17 00:00:00 2001
From: a_filonichev
Date: Fri, 20 Jan 2023 01:38:13 +0200
Subject: [PATCH] Fix vulnerability with "h.from == 0" // altered packed with "from == 0" can do Remote Node Administration without permission

---
 src/mesh/RadioLibInterface.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/mesh/RadioLibInterface.cpp b/src/mesh/RadioLibInterface.cpp
index eb17dbe37..e24bd75c0 100644
--- a/src/mesh/RadioLibInterface.cpp
+++ b/src/mesh/RadioLibInterface.cpp
@@ -347,7 +347,11 @@ QueueStatus RadioLibInterface::getQueueStatus()
 airTime->logAirtime(RX_ALL_LOG, xmitMsec);
 } else {
 const PacketHeader *h = (PacketHeader *)radiobuf;
-
+ // altered packed with "from == 0" can do Remote Node Administration without permission
+ if (h->from == 0) {
+ LOG_WARN("ignoring received packet without sender\n");
+ return;
+ }
 rxGood++;

 // Note: we deliver _all_ packets to our router (i.e. our interface is intentionally promiscuous).
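Review bot: The early `return` in the added `if (h->from == 0)` block drops the packet without any accounting, unlike the reject branch visible just above it, which still calls `airTime->logAirtime(RX_ALL_LOG, xmitMsec);`. A frame with a forged sender is exactly the event an operator wants counted, so I would put `rxBad++;` and `airTime->logAirtime(RX_ALL_LOG, xmitMsec);` before the `return;` (assuming the `rxBad` counter that pairs with `rxGood` is in scope here; the enclosing function starts and ends outside the hunk). The guard also covers only this RadioLib receive path: if the admin handling treats `from == 0` as "local", as the commit message implies, any other ingress that feeds the router needs the same rejection, or the authorization check itself should stop trusting a zero sender taken from a received header. The new comment has a typo and would read better as `// a forged packet with "from == 0" would be treated as local and could perform remote node administration without permission`.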