Fix: 7-bit issue with title and deserialization

cybermouflons · Apr 23, 2024 · 87ce41d · 87ce41d
1 parent db13977
commit 87ce41d
Showing 1 changed file with 19 additions and 7 deletions.
diff --git a/crypto/andromeda-cloud-storage/setup/server.py b/crypto/andromeda-cloud-storage/setup/server.py
@@ -27,8 +27,9 @@ def __init__(self, flag, stdin=sys.stdin.buffer, stdout=sys.stdout.buffer):
         self.registered_users = {}
         self.current_user = None
 
-        self.MAX_TITLE_LEN = 2**8 - 1
-        self.MAX_FLAG_LEN = 2**8 - 1
+        self.version = b"v1.1.1 Andromeda"
+        self.MAX_TITLE_LEN = 2**7 - 1
+        self.MAX_FLAG_LEN = 2**7 - 1
 
     def send_message(self, msg: dict):
         self.stdout.write(json.dumps(msg).encode() + b"\n")
@@ -103,9 +104,9 @@ def register_handler(self, msg):
         user["key"] = secrets.token_bytes(16)
         user.update(
             {
-                "version": b"v1.1.1 Andromeda",
+                "version": self.version,
                 "title": b"Placeholder",
-                "flag": FLAG_PART_2,
+                "flag": self.flag,
                 "data": b"",
             }
         )
@@ -161,7 +162,7 @@ def edit_title_handler(self, msg):
 
         if len(new_title) > self.MAX_TITLE_LEN:
             self.send_message(
-                {"res": "Title is longer than the max allowed length (255)"}
+                {"res": "Title is longer than the max allowed length (127)"}
             )
             return
         user = self.registered_users[self.current_user]
@@ -270,15 +271,26 @@ def restore_backup_handler(self, msg):
         serialized_backup = Encoder.decode(encoded_backup)
         pos = 0
         version = serialized_backup[pos : pos + 16]
+        if version != self.version or len(version) != 16:
+            self.send_message({"res": "Invalid format."})
+            return
         pos += 16
-        title_len = serialized_backup[pos]
+        try:
+            title_len = serialized_backup[pos]
+        except:
+            self.send_message({"res": "Invalid format."})
+            return
         pos += 1
         if len(serialized_backup[pos:]) < title_len:
             self.send_message({"res": "Invalid format."})
             return
         title = serialized_backup[pos : pos + title_len]
         pos += title_len
-        flag_len = serialized_backup[pos]
+        try:
+            flag_len = serialized_backup[pos]
+        except:
+            self.send_message({"res": "Invalid format."})
+            return
         pos += 1
         if len(serialized_backup[pos:]) < flag_len:
             self.send_message({"res": "Invalid format."})