From f02223d6baa37a00fe6229650e7bc7b36c5e7105 Mon Sep 17 00:00:00 2001
From: B Horn
Date: Fri, 10 Jul 2020 19:45:11 +0100
Subject: [PATCH] Checks to avoid null dereferences in NetworkServer

Various commands in NetworkServer require extra data. However, if the packet size is set to 0 for these, the code will skip over reading the data in and allocating memory. This results in null dereferences. This patch adds checks to the relevant commands to make sure they don't continue reading a null pointer.
---
 NetworkServer.cpp | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/NetworkServer.cpp b/NetworkServer.cpp
index 25084a45..bad804ff 100644
--- a/NetworkServer.cpp
+++ b/NetworkServer.cpp
@@ -461,10 +461,20 @@ void NetworkServer::ListenThreadFunction(NetworkClientInfo * client_info)
 break;
 
 case NET_PACKET_ID_SET_CLIENT_NAME:
+ if(data == NULL)
+ {
+ break;
+ }
+
 ProcessRequest_ClientString(client_sock, header.pkt_size, data);
 break;
 
 case NET_PACKET_ID_RGBCONTROLLER_RESIZEZONE:
+ if(data == NULL)
+ {
+ break;
+ }
+
 if((header.pkt_dev_idx < controllers.size()) && (header.pkt_size == (2 * sizeof(int))))
 {
 int zone;
@@ -478,6 +488,11 @@ void NetworkServer::ListenThreadFunction(NetworkClientInfo * client_info)
 break;
 
 case NET_PACKET_ID_RGBCONTROLLER_UPDATELEDS:
+ if(data == NULL)
+ {
+ break;
+ }
+
 if(header.pkt_dev_idx < controllers.size())
 {
 controllers[header.pkt_dev_idx]->SetColorDescription((unsigned char *)data);
@@ -486,6 +501,11 @@ void NetworkServer::ListenThreadFunction(NetworkClientInfo * client_info)
 break;
 
 case NET_PACKET_ID_RGBCONTROLLER_UPDATEZONELEDS:
+ if(data == NULL)
+ {
+ break;
+ }
+
 if(header.pkt_dev_idx < controllers.size())
 {
 int zone;
@@ -498,6 +518,11 @@ void NetworkServer::ListenThreadFunction(NetworkClientInfo * client_info)
 break;
 
 case NET_PACKET_ID_RGBCONTROLLER_UPDATESINGLELED:
+ if(data == NULL)
+ {
+ break;
+ }
+
 if(header.pkt_dev_idx < controllers.size())
 {
 int led;
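Review bot: The guard added under `case NET_PACKET_ID_SET_CLIENT_NAME:` (and repeated verbatim in the five other cases this patch touches) has no comment saying why `data` can be NULL at this point, and the malformed packet is dropped without leaving any trace. Going by the commit message, `data` is only allocated when `header.pkt_size` is non-zero, so I would put `// data stays NULL when header.pkt_size is 0; ignore the malformed packet` above the first check. A log entry on this path would also let an operator notice a client that keeps sending empty payloads. Since the six guards are identical, a single check ahead of the `switch` for the packet IDs that require a payload would keep them from drifting apart; the switch header is outside the hunk, so that placement needs confirming against the full function.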
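Review bot: In `case NET_PACKET_ID_RGBCONTROLLER_UPDATELEDS:` the new check rejects only an empty payload; a packet with a small non-zero `header.pkt_size` still produces a non-NULL `data` that is passed to `SetColorDescription((unsigned char *)data)` without a length, so the parser cannot tell where the received buffer ends. Its body is not visible here, but if it trusts counts stored inside the buffer this remains an out-of-bounds read on network input. The same gap applies to the UPDATEZONELEDS and UPDATESINGLELED hunks, which presumably copy an `int` out of `data` right after the visible `int zone;` / `int led;`, and to `SetModeDescription` in the UPDATEMODE hunk. I would follow the RESIZEZONE case, which already validates the size, with `if((header.pkt_dev_idx < controllers.size()) && (header.pkt_size >= sizeof(int)))` for the zone and single-LED cases, and pass `header.pkt_size` into the two description parsers so every read can be bounded. All of these case bodies continue outside their hunks.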
@@ -517,6 +542,11 @@ void NetworkServer::ListenThreadFunction(NetworkClientInfo * client_info)
 break;
 
 case NET_PACKET_ID_RGBCONTROLLER_UPDATEMODE:
+ if(data == NULL)
+ {
+ break;
+ }
+
 if(header.pkt_dev_idx < controllers.size())
 {
 controllers[header.pkt_dev_idx]->SetModeDescription((unsigned char *)data);