From 7d83d122df1b1297ff934107baf979a23d4dcbc6 Mon Sep 17 00:00:00 2001
From: Ian Gulliver
Date: Fri, 26 Feb 2016 20:58:23 -0800
Subject: [PATCH] Fix server_id overflow due to utf8 blowup in json.
---
 adsbus/json.c | 4 ++++
 adsbus/packet.c | 22 +++++++++++++++++++++-
 adsbus/packet.h | 2 ++
 adsbus/proto.c | 4 ++++
 4 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/adsbus/json.c b/adsbus/json.c
index 80b8019..31c30f3 100644
--- a/adsbus/json.c
+++ b/adsbus/json.c
@@ -99,6 +99,10 @@ static bool json_parse_header(json_t *in, struct packet *packet, struct json_par
 state->mlat_timestamp_max = (uint64_t) mlat_timestamp_max;
 state->rssi_max = (uint32_t) rssi_max;
+ if (!packet_validate_id((const uint8_t *) json_server_id)) {
+ return false;
+ }
+
 if (!strcmp(json_server_id, (const char *) server_id)) {
 fprintf(stderr, "R %s: Attempt to receive json data from our own server ID (%s); loop!\n", packet->source_id, server_id);
 return false;
diff --git a/adsbus/packet.c b/adsbus/packet.c
index 296b015..b35f75d 100644
--- a/adsbus/packet.c
+++ b/adsbus/packet.c
@@ -1,4 +1,8 @@
 #include
+#include
+#include
+
+#include "uuid.h"
 #include "packet.h"
@@ -47,8 +51,24 @@ uint32_t packet_rssi_scale_out(uint32_t value, uint32_t max) {
 }
 void packet_sanity_check(const struct packet *packet) {
- assert(packet->source_id);
+ assert(packet_validate_id(packet->source_id));
 assert(packet->type > PACKET_TYPE_NONE && packet->type < NUM_TYPES);
 assert(packet->mlat_timestamp <= PACKET_MLAT_MAX);
 assert(packet->rssi <= PACKET_RSSI_MAX);
 }
+
+bool packet_validate_id(const uint8_t *id) {
+ if (!id) {
+ return false;
+ }
+ for (size_t i = 0; i < UUID_LEN; i++) {
+ uint8_t c = id[i];
+ if (c == 0) {
+ return true;
+ }
+ if (c < 32 || c > 126) {
+ return false;
+ }
+ }
+ return false;
+}
diff --git a/adsbus/packet.h b/adsbus/packet.h
index 731c350..ebb5420 100644
--- a/adsbus/packet.h
+++ b/adsbus/packet.h
@@ -1,5 +1,6 @@
 #pragma once
+#include
 #include
 #define PACKET_DATA_LEN_MAX 14
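Review bot: In adsbus/json.c, the new `packet_validate_id` branch in `json_parse_header` returns false without any diagnostic, while the loop check directly below it reports to stderr. A peer sending a malformed server ID is worth surfacing to the operator; something like `fprintf(stderr, "R %s: Invalid server ID in json header\n", packet->source_id);` before the `return false;` would match the neighbouring style. The rejected `json_server_id` itself should not be echoed, since it has just failed the printable-ASCII and length check. `json_parse_header` starts and ends outside this hunk.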
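Review bot: In adsbus/packet.c, the range accepted by `packet_validate_id` (32..126) still includes `"` and `\`, which a JSON encoder writes as two bytes each, so an ID of the maximum accepted length can still grow when serialized. Whether the output buffer leaves room for that is not visible in this diff; if it does not, either reject those bytes with `if (c < 32 || c > 126 || c == '"' || c == '\\') {` or size the buffer for the escaped worst case. The loop also returns true for an empty string (first byte 0), which may not be intended for a source ID. A short comment above the function stating the contract (NUL-terminated within UUID_LEN bytes, printable ASCII only) would save readers from decoding the bare 32 and 126. Note also that `packet_sanity_check` only enforces this through `assert`, so the check there disappears in builds with NDEBUG defined.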
@@ -34,3 +35,4 @@ uint32_t __attribute__ ((warn_unused_result)) packet_rssi_scale_in(uint32_t, uin
 uint32_t __attribute__ ((warn_unused_result)) packet_rssi_scale_out(uint32_t, uint32_t);
 void packet_sanity_check(const struct packet *);
+bool __attribute__ ((warn_unused_result)) packet_validate_id(const uint8_t *);
diff --git a/adsbus/proto.c b/adsbus/proto.c
index 4026148..0a00108 100644
--- a/adsbus/proto.c
+++ b/adsbus/proto.c
@@ -9,6 +9,7 @@
 #include "buf.h"
 #include "packet.h"
 #include "server.h"
+#include "uuid.h"
 #include "adsb.pb-c.h"
 #include "proto.h"
@@ -99,6 +100,9 @@ static bool proto_parse_packet(AdsbPacket *in, struct packet *packet, struct pro
 return false;
 }
+ if (!packet_validate_id((const uint8_t *) in->source_id)) {
+ return false;
+ }
 packet->source_id = (uint8_t *) in->source_id;
 memcpy(packet->payload, in->payload.data, len);
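Review bot: In adsbus/proto.c, the new check in `proto_parse_packet` covers the per-packet `in->source_id`, while the json.c change in this commit covers only the header's server ID; neither file visibly gets both checks. If proto.c also reads a server ID from a header message, or json.c reads per-packet source IDs, those paths would still accept unvalidated IDs; they lie outside these hunks, so this needs confirming. The rejection here is silent as well, and a one-line stderr message that does not echo the raw ID would make rejected peers visible. The `#include "uuid.h"` added in the first proto.c hunk is not used by anything visible in this file's changes. `proto_parse_packet` starts and ends outside the hunk.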