Skip to content

Commit

Permalink
Fix: Check buffer size in JournalReader::ReadString before writing (#…
Browse files Browse the repository at this point in the history 
…1218)
  • Loading branch information
@royjacobson
royjacobson committed May 16, 2023
1 parent 964eeee commit 7ab7d8b
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 4 deletions.
11 changes: 8 additions & 3 deletions src/server/journal/serializer.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,14 +133,17 @@ template io::Result<uint16_t> JournalReader::ReadUInt<uint16_t>();
template io::Result<uint32_t> JournalReader::ReadUInt<uint32_t>();
template io::Result<uint64_t> JournalReader::ReadUInt<uint64_t>();

io::Result<size_t> JournalReader::ReadString(char* buffer) {
io::Result<size_t> JournalReader::ReadString(MutableSlice buffer) {
size_t size = 0;
SET_OR_UNEXPECT(ReadUInt<uint64_t>(), size);

if (auto ec = EnsureRead(size); ec)
return make_unexpected(ec);

buf_.ReadAndConsume(size, buffer);
if (size > buffer.size())
return make_unexpected(make_error_code(errc::bad_message));

buf_.ReadAndConsume(size, buffer.data());

return size;
}
Expand All @@ -158,9 +161,11 @@ std::error_code JournalReader::ReadCommand(journal::ParsedEntry::CmdData* data)
char* ptr = data->command_buf.get();
for (auto& span : data->cmd_args) {
size_t size;
SET_OR_RETURN(ReadString(ptr), size);
SET_OR_RETURN(ReadString({ptr, cmd_size}), size);
DCHECK(size <= cmd_size);
span = MutableSlice{ptr, size};
ptr += size;
cmd_size -= size;
}
return std::error_code{};
}
Expand Down
2 changes: 1 addition & 1 deletion src/server/journal/serializer.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ struct JournalReader {
template <typename UT> io::Result<UT> ReadUInt();

// Read and copy to buffer, return size.
io::Result<size_t> ReadString(char* buffer);
io::Result<size_t> ReadString(MutableSlice buffer);

// Read argument array into string buffer.
std::error_code ReadCommand(journal::ParsedEntry::CmdData* entry);
Expand Down

0 comments on commit 7ab7d8b

Please sign in to comment.