Properly error when asked to skip an unknown field type
Summary: We weren't returning an error when asked to skip over a field with an unknown type. In this particular test case the code attempts to skip over a map with a large number of fields of unknown type and the ~3B noop calls take almost 30s. A misbehaving client could DoS a server by sending short messages that take a long time to parse. There may have been other failure modes as well. The test covers the binary protocol because that is where the issue was found. However, the issue is common to all protocols. This fixes CVE-2019-3552.

Reviewed By: spalamarchuk

Differential Revision: D14088980

fbshipit-source-id: 8a9d63260db717347217a8d2ac883c4ce331d964
Showing with 25 additions and 3 deletions.
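
The failure mode the commit message describes, as an added example that is not part of the commit or of the Thrift code base: a simplified skip routine for a Thrift-binary-style encoding that raises an error on an unknown type tag instead of treating it as a no-op. The type-tag subset, `Reader`, `skip`, `try_skip` and the sample bytes are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>
// Simplified Thrift-binary-style type tags (subset; names are this example's own).
enum : uint8_t { T_STOP = 0, T_BOOL = 2, T_BYTE = 3, T_I16 = 6, T_I32 = 8,
                 T_I64 = 10, T_STRING = 11, T_STRUCT = 12, T_MAP = 13 };

struct Reader {
  const uint8_t* p; size_t n; size_t pos;
  void advance(size_t w) { if (n - pos < w) throw std::runtime_error("truncated"); pos += w; }
  uint32_t be(size_t w) {  // read w bytes as a big-endian unsigned value
    advance(w);
    uint32_t v = 0;
    for (size_t i = pos - w; i < pos; ++i) v = (v << 8) | p[i];
    return v;
  }
};

// Every accepted type consumes at least one byte, so the container loops are
// bounded by the message length. Any other tag is an error, not a no-op.
void skip(Reader& r, uint32_t type, int depth = 0) {
  if (depth > 64) throw std::runtime_error("nesting too deep");
  switch (type) {
    case T_BOOL: case T_BYTE: r.advance(1); return;
    case T_I16: r.advance(2); return;
    case T_I32: r.advance(4); return;
    case T_I64: r.advance(8); return;
    case T_STRING: r.advance(r.be(4)); return;  // i32 length, then bytes
    case T_STRUCT:  // fields: type byte, i16 id, value; ends at T_STOP
      for (uint32_t ft; (ft = r.be(1)) != T_STOP;) { r.advance(2); skip(r, ft, depth + 1); }
      return;
    case T_MAP: {   // header: key type, value type, i32 count
      uint32_t k = r.be(1), v = r.be(1);
      for (uint32_t i = r.be(4); i > 0; --i) { skip(r, k, depth + 1); skip(r, v, depth + 1); }
      return;
    }
    default: throw std::runtime_error("unknown field type");
  }
}

// Returns "ok" if the whole value was skipped, otherwise the error text.
std::string try_skip(const std::vector<uint8_t>& msg, uint32_t type) {
  Reader r{msg.data(), msg.size(), 0};
  try { skip(r, type); } catch (const std::exception& e) { return e.what(); }
  return r.pos == msg.size() ? "ok" : "trailing bytes";
}
// Constructed sample: six-byte map header, unknown key/value tag 0x7f, large count.
const std::vector<uint8_t> kUnknownMap = {0x7f, 0x7f, 0x7f, 0xff, 0xff, 0xff};
```

With the `default` branch throwing, `try_skip(kUnknownMap, T_MAP)` fails on the first element rather than iterating over the declared count.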