Skip to content

Commit

Permalink
fix: length overflow
Browse files Browse the repository at this point in the history 
Change-Id: I264be2c190bb6d45053a693ac3eb4b8fd90b9d6f
  • Loading branch information
@andeya
andeya committed Mar 15, 2021
1 parent b23c46b commit 87ff9fa
Show file tree
Hide file tree
Showing 4 changed files with 45 additions and 11 deletions.
5 changes: 3 additions & 2 deletions proto/httproto/httproto.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,12 +26,13 @@ import (
"strings"
"sync"

"github.com/henrylee2cn/goutil"

"github.com/henrylee2cn/erpc/v6"
"github.com/henrylee2cn/erpc/v6/codec"
"github.com/henrylee2cn/erpc/v6/utils"
"github.com/henrylee2cn/erpc/v6/xfer"
"github.com/henrylee2cn/erpc/v6/xfer/gzip"
"github.com/henrylee2cn/goutil"
)

var (
Expand Down Expand Up @@ -394,7 +395,7 @@ func (h *httproto) unpack(m erpc.Message, bb *utils.ByteBuffer) (size int, msg [
}
m.Meta().SetBytesKV(a[0], a[1])
}
if bodySize == 0 {
if bodySize <= 0 {
return size, msg, nil
}
bb.ChangeLen(bodySize)
Expand Down
18 changes: 18 additions & 0 deletions socket/message_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,8 @@ package socket
import (
"testing"

"github.com/stretchr/testify/assert"

"github.com/henrylee2cn/erpc/v6/xfer/gzip"
)

Expand All @@ -26,3 +28,19 @@ func TestMessageString(t *testing.T) {
t.Logf("%%#v:%#v", m)
t.Logf("%%+v:%+v", m)
}

func TestUint32Minus(t *testing.T) {
a := 1
a, err := minus(a, 4)
assert.EqualError(t, err, "raw proto: bad package")
assert.Equal(t, int(1), a)
a, err = minus(a, 0)
assert.NoError(t, err)
assert.Equal(t, int(1), a)
a, err = minus(a, 1)
assert.NoError(t, err)
assert.Equal(t, int(0), a)
a, err = minus(a, 1)
assert.EqualError(t, err, "raw proto: bad package")
assert.Equal(t, int(0), a)
}
31 changes: 23 additions & 8 deletions socket/protocol.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,9 @@ import (
"strconv"
"sync"

"github.com/henrylee2cn/erpc/v6/utils"
"github.com/henrylee2cn/goutil"

"github.com/henrylee2cn/erpc/v6/utils"
)

type (
Expand Down Expand Up @@ -229,12 +230,16 @@ func (r *rawProto) readMessage(bb *utils.ByteBuffer, m Message) error {
if err != nil {
return err
}
lastSize := binary.BigEndian.Uint32(bb.B)
if err = m.SetSize(lastSize); err != nil {
_lastSize := binary.BigEndian.Uint32(bb.B)
if err = m.SetSize(_lastSize); err != nil {
return err
}
lastSize -= 4
bb.ChangeLen(int(lastSize))
lastSize := int(_lastSize)
lastSize, err = minus(lastSize, 4)
if err != nil {
return err
}
bb.ChangeLen(lastSize)

// transfer pipe
_, err = io.ReadFull(r.r, bb.B[:1])
Expand All @@ -252,14 +257,24 @@ func (r *rawProto) readMessage(bb *utils.ByteBuffer, m Message) error {
return err
}
}
lastSize -= (1 + uint32(xferLen))

lastSize, err = minus(lastSize, 1+int(xferLen))
if err != nil {
return err
}
// read last all
bb.ChangeLen(int(lastSize))
bb.ChangeLen(lastSize)
_, err = io.ReadFull(r.r, bb.B)
return err
}

func minus(a int, b int) (int, error) {
r := a - b
if r < 0 || b < 0 {
return a, errors.New("raw proto: bad package")
}
return r, nil
}

func (r *rawProto) readHeader(data []byte, m Message) ([]byte, error) {
// seq
seqLen := data[0]
Expand Down
2 changes: 1 addition & 1 deletion utils/bytebuffer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,7 @@ func (b *ByteBuffer) Reset() {
func (b *ByteBuffer) ChangeLen(newLen int) {
if cap(b.B) < newLen {
b.B = make([]byte, newLen)
} else {
} else if newLen >= 0 {
b.B = b.B[:newLen]
}
}
Expand Down

0 comments on commit 87ff9fa

Please sign in to comment.