Skip to content

Loading…

Use error events for malformed input #27

Merged
merged 2 commits into from

3 participants

@sorear

The context here is that I've written a node server which uses BinaryJS, and I don't want users to be able to remotely kill the server by sending bogus data, at least not easily.

@orefalo

This is great!

@ericz ericz merged commit 5a9eaf2 into binaryjs:master

1 check passed

Details default The Travis build passed
@ericz
binaryjs member

Awesome commit, thanks!

@ericz
binaryjs member

sorry that took so long, i've been preoccupied with a particularly busy semester in college.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Showing with 20 additions and 8 deletions.
  1. +20 −8 lib/client.js
View
28 lib/client.js
@@ -78,8 +78,20 @@ function BinaryClient(socket, options) {
data = data.data;
-
- data = util.unpack(data);
+ try {
+ data = util.unpack(data);
+ } catch (ex) {
+ return self.emit('error', new Error('Received unparsable message: ' + ex));
+ }
+ if (!(data instanceof Array))
+ return self.emit('error', new Error('Received non-array message'));
+ if (data.length != 3)
+ return self.emit('error', new Error('Received message with wrong part count: ' + data.length));
+ if ('number' != typeof data[0])
+ return self.emit('error', new Error('Received message with non-number type: ' + data[0]));
+ if ('number' != typeof data[2])
+ return self.emit('error', new Error('Received message with non-number streamId: ' + data[2]));
+
switch(data[0]) {
case 0:
// Reserved
@@ -97,7 +109,7 @@ function BinaryClient(socket, options) {
if(binaryStream) {
binaryStream._onData(payload);
} else {
- self.emit('error', 'Received `data` message for unknown stream: ' + streamId);
+ self.emit('error', new Error('Received `data` message for unknown stream: ' + streamId));
}
break;
case 3:
@@ -106,7 +118,7 @@ function BinaryClient(socket, options) {
if(binaryStream) {
binaryStream._onPause();
} else {
- self.emit('error', 'Received `pause` message for unknown stream: ' + streamId);
+ self.emit('error', new Error('Received `pause` message for unknown stream: ' + streamId));
}
break;
case 4:
@@ -115,7 +127,7 @@ function BinaryClient(socket, options) {
if(binaryStream) {
binaryStream._onResume();
} else {
- self.emit('error', 'Received `resume` message for unknown stream: ' + streamId);
+ self.emit('error', new Error('Received `resume` message for unknown stream: ' + streamId));
}
break;
case 5:
@@ -124,7 +136,7 @@ function BinaryClient(socket, options) {
if(binaryStream) {
binaryStream._onEnd();
} else {
- self.emit('error', 'Received `end` message for unknown stream: ' + streamId);
+ self.emit('error', new Error('Received `end` message for unknown stream: ' + streamId));
}
break;
case 6:
@@ -133,11 +145,11 @@ function BinaryClient(socket, options) {
if(binaryStream) {
binaryStream._onClose();
} else {
- self.emit('error', 'Received `close` message for unknown stream: ' + streamId);
+ self.emit('error', new Error('Received `close` message for unknown stream: ' + streamId));
}
break;
default:
- self.emit('error', 'Unrecognized message type received: ' + data[0]);
+ self.emit('error', new Error('Unrecognized message type received: ' + data[0]));
}
});
});
Something went wrong with that request. Please try again.