Enforce a limit on value bytes size
Summary:
Enforce a limit on value bytes size

This is a fix for CVE-2019-11923

Reviewed By: stuclar

Differential Revision: D16471999

fbshipit-source-id: 9d614da8534e20935b1561c613bb81defd7d470a
Krishna Kondaka authored and facebook-github-bot committed Jul 30, 2019
1 parent 0b92632 commit 98ce662
Showing 2 changed files with 7 additions and 0 deletions.
3 changes: 3 additions & 0 deletions mcrouter/lib/network/McAsciiParser.h
Expand Up @@ -81,6 +81,9 @@ class McAsciiParserBase {
const char* posStart,
const char* posEnd);

// limit the value size.
static constexpr uint32_t maxValueBytes = 1 * 1024 * 1024 * 1024; // 1GB

std::string currentErrorDescription_;

uint64_t currentUInt_{0};
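Review bot: the comment above maxValueBytes ("limit the value size.") does not say which value is bounded or what the parser does when the bound is exceeded. Please document that it caps the value length field parsed from an ASCII request and whether an oversized length is rejected or clamped, since callers cannot tell from the header alone. The trailing "// 1GB" is 2^30 bytes, so "1 GiB" would be exact. A constant-style name such as kMaxValueBytes would also set it apart from the mutable members declared just below (currentErrorDescription_, currentUInt_).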
4 changes: 4 additions & 0 deletions mcrouter/lib/network/McAsciiParser.rl
Expand Up @@ -137,6 +137,10 @@ exptime_req = negative? uint %{

value_bytes = uint %{
remainingIOBufLength_ = static_cast<size_t>(currentUInt_);
// Enforce maximum on value size obtained from parser
if (remainingIOBufLength_ > maxValueBytes) {
remainingIOBufLength_ = maxValueBytes;
}
};

cas_id = uint %{
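Review bot: in the value_bytes action an oversized length is silently clamped to maxValueBytes instead of being rejected, so a request that declares more than the limit is then parsed as if it had declared exactly 1 GiB and the parser's idea of where the value ends no longer matches what the sender announced. Consider failing the request at this point and recording the reason in currentErrorDescription_ rather than continuing with a rewritten length. Separately, the comparison runs after static_cast<size_t>(currentUInt_); currentUInt_ is a uint64_t, so on a platform where size_t is narrower the cast can truncate before the check sees the value. Comparing currentUInt_ against maxValueBytes first and casting afterwards avoids that. No test accompanies the change; a case with a length just above the limit would pin the intended behaviour.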