micro-http: unsigned Content-Length + several checked arithmetic operations #1985
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ioanachirca
reviewed
Jul 1, 2020
src/micro_http/src/connection.rs
Outdated
| .ok_or(ConnectionError::ParseError(RequestError::Overflow))?; | ||
|
|
||
| // Get the line slice and parse it. | ||
| // The slice access is safe becase `line_end_index` is a sum of `line_end_index` |
Contributor
There was a problem hiding this comment.
maybe
Suggested change
| // The slice access is safe becase `line_end_index` is a sum of `line_end_index` | |
| // The slice access is safe because `line_end_index` is a sum of `line_start_index` |
?
ioanachirca
previously approved these changes
Jul 1, 2020
src/micro_http/src/connection.rs
Outdated
| self.body_vec | ||
| .extend_from_slice(&self.buffer[*line_start_index..end_cursor]); | ||
| self.body_bytes_to_be_read -= end_cursor as i32 - *line_start_index as i32; | ||
| // Safe to substract directly as the `if` condition prevents underflow. |
Contributor
There was a problem hiding this comment.
nit:
Suggested change
| // Safe to substract directly as the `if` condition prevents underflow. | |
| // Safe to subtract directly as the `if` condition prevents underflow. |
alxiord
added
the
Status: Awaiting review
8 tasks
lauralt
reviewed
Jul 6, 2020
src/micro_http/src/connection.rs
Outdated
Comment on lines
137
to
140
| let result = bytes_read | ||
| .checked_add(self.read_cursor) | ||
| .ok_or(ConnectionError::ParseError(RequestError::Overflow))?; | ||
| Ok(result) |
There was a problem hiding this comment.
Suggested change
| let result = bytes_read | |
| .checked_add(self.read_cursor) | |
| .ok_or(ConnectionError::ParseError(RequestError::Overflow))?; | |
| Ok(result) | |
| bytes_read | |
| .checked_add(self.read_cursor) | |
| .ok_or(ConnectionError::ParseError(RequestError::Overflow)) |
src/micro_http/src/connection.rs
Outdated
| start: &mut usize, | ||
| end: usize, | ||
| ) -> Result<bool, ConnectionError> { | ||
| if end < *start || end > self.buffer.len() { |
There was a problem hiding this comment.
For end < *start should we return Underflow instead?
Author
There was a problem hiding this comment.
That's right, good catch! Other functions where end might be before start return Underflow indeed
src/micro_http/src/connection.rs
Outdated
|
|
||
| // Get the line slice and parse it. | ||
| // The slice access is safe becase `line_end_index` is a sum of `line_end_index` | ||
| // and something else. |
There was a problem hiding this comment.
Might be worth adding that it is also safe because find assures us that line_end_index is < end_cursor or something like that :-?.
src/mmds/src/lib.rs
Outdated
| } | ||
| } | ||
| Err(e) => match e { | ||
| RequestError::BodyWithoutPendingRequest => build_response( |
There was a problem hiding this comment.
The changes in this file will need a small rebase and after that, we should test in test_parse_request_bytes_error() also the newly added error types.
Author
There was a problem hiding this comment.
After rebasing and looking more carefully I realized that the overflow checks I'd added were superfluous, so I documented the safety of the operations instead
lauralt
added
Status: Author
and removed
Status: Awaiting review
alxiord
force-pushed
the
uhttp_unsigned
branch
3 times, most recently
from
124e84b to
5a27123
Compare
...and a bunch of fixes for unchecked unsigned arithmetic in connection.rs. Added more unit tests too that exercise failure cases for over/underflows in mathematic operations. Fixes firecracker-microvm#1977 Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
lauralt
approved these changes
Jul 23, 2020
ioanachirca
approved these changes
Jul 23, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reason for This PR
Fixes #1977
Description of Changes
Content-Lengthfromi32tou32.connection.rs.unwraps with error propagation, introducing new error variants.rust-vmm.License Acceptance
By submitting this pull request, I confirm that my contribution is made under
the terms of the Apache 2.0 license.
PR Checklist
[Author TODO: Meet these criteria.][Reviewer TODO: Verify that these criteria are met. Request changes if not]git commit -s).unsafecode is properly documented.firecracker/swagger.yaml.CHANGELOG.md.