Fixing property offset and length overflow

jruizgit · Apr 20, 2020 · b7102ec · b7102ec
1 parent 95ffe8b
commit b7102ec
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 10 deletions.
diff --git a/durable_rules.gemspec b/durable_rules.gemspec
@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name        = 'durable_rules'
-  s.version     = '2.0.25'
+  s.version     = '2.0.26'
   s.summary     = "for real time analytics (a Ruby Rules Engine)"
   s.description = "A lightweight library for real-time, consistent and scalable coordination of events."
   s.authors     = ["Jesus Ruiz"]

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "durable",
-  "version": "2.0.33",
+  "version": "2.0.34",
   "description": "A lightweight rules engine for real-time, consistent and scalable coordination of events.",
   "keywords": [
     "business rules",

diff --git a/setup.py b/setup.py
@@ -41,7 +41,7 @@ def build(self):
 
 setup (
     name = 'durable_rules',
-    version = '2.0.26',
+    version = '2.0.27',
     description = 'for real time analytics (a Python Rules Engine)',
     long_description=long_description,
     url='https://github.com/jruizgit/rules',

diff --git a/src/rules/rules.h b/src/rules/rules.h
@@ -33,6 +33,8 @@
 #define ERR_NO_ACTION_AVAILABLE 310
 #define ERR_PROPERTY_NOT_FOUND 311
 #define ERR_OPERATION_NOT_SUPPORTED 312
+#define ERR_EVENT_MAX_OBJECT_SIZE 313
+#define ERR_EVENT_MAX_OBJECT_PROPERTY_SIZE 314
 #define ERR_PARSE_REGEX 501
 #define ERR_REGEX_MAX_TRANSITIONS 502
 #define ERR_REGEX_MAX_STATES 503

diff --git a/src/rules/state.c b/src/rules/state.c
@@ -1378,8 +1378,17 @@ unsigned int getObjectProperty(jsonObject *jo,
 unsigned int setObjectProperty(jsonObject *jo, 
                                unsigned int hash, 
                                unsigned char type, 
-                               unsigned short valueOffset, 
-                               unsigned short valueLength) {
+                               unsigned int valueOffset, 
+                               unsigned int valueLength) {
+
+    if (valueLength >= MAX_OBJECT_PROPERTY_SIZE) {
+        return ERR_EVENT_MAX_OBJECT_PROPERTY_SIZE;
+    }
+
+    if (valueOffset >= (MAX_OBJECT_SIZE - MAX_OBJECT_PROPERTY_SIZE)) {
+        return ERR_EVENT_MAX_OBJECT_SIZE;
+    }
+
     jsonProperty *property = &jo->properties[jo->propertiesLength]; 
     ++jo->propertiesLength;
     if (jo->propertiesLength == MAX_OBJECT_PROPERTIES) {

diff --git a/src/rules/state.h b/src/rules/state.h
@@ -1,5 +1,5 @@
 
-#include <time.h> 
+#include <time.h>
 
 #define HASH_ID 926444256
 #define HASH_SID 3593476751
@@ -18,6 +18,8 @@
 
 #define UNDEFINED_HASH_OFFSET 0
 #define MAX_OBJECT_PROPERTIES 255
+#define MAX_OBJECT_SIZE 4294967296
+#define MAX_OBJECT_PROPERTY_SIZE 16777216
 #define MAX_MESSAGE_FRAMES 16
 #define MAX_MESSAGE_INDEX_LENGTH 512
 #define MAX_LEFT_FRAME_INDEX_LENGTH 512
@@ -64,8 +66,8 @@ typedef struct pool {
 typedef struct jsonProperty {
     unsigned int hash;
     unsigned char type;
-    unsigned short valueOffset;
-    unsigned short valueLength;
+    unsigned int valueOffset;
+    unsigned int valueLength;
     union {
         long long i; 
         double d; 
@@ -193,8 +195,8 @@ unsigned int getObjectProperty(jsonObject *jo,
 unsigned int setObjectProperty(jsonObject *jo, 
                                unsigned int hash, 
                                unsigned char type, 
-                               unsigned short valueOffset, 
-                               unsigned short valueLength);
+                               unsigned int valueOffset, 
+                               unsigned int valueLength);
 
 unsigned int constructObject(char *root,
                              char *parentName,