client/connection: verify the message_cast result (nullptr dereference)

If the server sends a mismatching reply to a `Time` request packet, the client crashes due to nullptr dereference because it uses message_cast() but does not verify the result.
2025-08-01 15:49:56 +02:00 · 2021-02-17 12:43:17 +01:00 · 2021-02-17 12:43:17 +01:00 · ae9ad7e3d2
commit ae9ad7e3d2
parent 947a5d1399
1 changed files with 3 additions and 1 deletions
--- a/client/client_connection.hpp
+++ b/client/client_connection.hpp
@ -153,8 +153,10 @@ public:
        sendRequest(message, timeout, [handler](const boost::system::error_code& ec, std::unique_ptr<msg::BaseMessage> response) {
            if (ec)
                handler(ec, nullptr);
+            else if (auto casted_response = msg::message_cast<Message>(std::move(response)))
+                handler(ec, std::move(casted_response));
            else
-                handler(ec, msg::message_cast<Message>(std::move(response)));
+                handler(boost::system::errc::make_error_code(boost::system::errc::bad_message), nullptr);
        });
    }