rbxii3/firmware
1
0
Fork 0
mirror of https://github.com/meshtastic/firmware.git synced 2025-12-22 18:52:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2179 from nukevoid/master

Browse Source 
Fix vulnerability with "h.from == 0"
This commit is contained in:
GUVWAF
2023-01-21 12:37:50 +01:00
committed by GitHub
parent 8f5338dc85 7f9e638140
commit c628c70db2
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/mesh/RadioLibInterface.cpp
View File

@@ -347,9 +347,13 @@ QueueStatus RadioLibInterface::getQueueStatus()
airTime->logAirtime(RX_ALL_LOG, xmitMsec);
} else {
const PacketHeader *h = (PacketHeader *)radiobuf;
rxGood++;
// altered packet with "from == 0" can do Remote Node Administration without permission
if (h->from == 0) {
LOG_WARN("ignoring received packet without sender\n");
return;
}
// Note: we deliver _all_ packets to our router (i.e. our interface is intentionally promiscuous).
// This allows the router and other apps on our node to sniff packets (usually routing) between other
// nodes.