Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix interledger-packet::ErrorCode too lenient parsing #716

Merged
merged 3 commits into from
May 6, 2021
Merged

Fix interledger-packet::ErrorCode too lenient parsing #716

merged 3 commits into from
May 6, 2021

Conversation

koivunej
Copy link
Collaborator

@koivunej koivunej commented May 4, 2021
edited
Loading

Found this crash stashed away, which wasn't because of ErrorCode or parsing, but because of too strict fuzz_target. This PR fixes:

  • allow only IA5String (ascii) error codes as is in the ASN.1 definition
  • handle debug and display output for the error codes with control characters gracefully
  • remove string allocation in ErrorCode's Debug impl

There's some churn related to the roundtrip test fn being added and removed, but I'll follow up with a better fuzz/fuzz_targets/packet.rs after this PR.

Cc: #705

@koivunej koivunej requested a review from pradovic May 4, 2021 16:39
@koivunej koivunej requested a review from emschwartz as a code owner May 4, 2021 16:39
@koivunej koivunej removed the request for review from emschwartz May 4, 2021 16:44
@koivunej
Copy link
Collaborator Author

koivunej commented May 4, 2021

Oki, a few force pushes later, I think this is ready to go :)

koivunej
koivunej commented May 4, 2021
View reviewed changes
crates/interledger-packet/src/packet.rs
use std::convert::TryFrom;

#[test]
fn fuzzed_0_non_utf8_error_code() {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
fn fuzzed_0_non_utf8_error_code() {
fn fuzzed_0_non_ascii_error_code() {

I'll handle this in the follow-up.

@koivunej
test(packet): fuzzed invalid error code
576a967 
the rfc says it's an IA5STRING but it's being expected to be any 3
bytes, which are later assumed to be UTF-8 (as IA5STRING would be) in
the ErrorCode implementation.

Signed-off-by: Joonas Koivunen <joonas.koivunen@gmail.com>
@koivunej
fix(packet)!: accept only IA5String ErrorCodes
9b59813 
This is a breaking change since this modifies the signature of
interledger_packet::ErrorCode::new.

Signed-off-by: Joonas Koivunen <joonas.koivunen@gmail.com>
@koivunej
fix(packet): errorcode is ascii, escape control ch
1b5781a 
this modifies the existing behaviour so that Display and Debug
formatters now escape if any control characters are present using str's
Debug implementation.

Signed-off-by: Joonas Koivunen <joonas.koivunen@gmail.com>
@koivunej koivunej merged commit 61660c9 into interledger:master May 6, 2021
@koivunej koivunej deleted the packet_errorcode_debug branch May 6, 2021 12:20
This was referenced May 6, 2021
Merged
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pradovic pradovic pradovic approved these changes

Assignees
No one assigned
Labels
breaking
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@koivunej @pradovic