mirror of
https://github.com/golang/go
synced 2024-11-25 18:17:56 -07:00
gob: protect against invalid message length
Fixes #2301. R=golang-dev, gri CC=golang-dev https://golang.org/cl/5134048
This commit is contained in:
parent
6c230fbc67
commit
4c462e6fd7
@ -58,6 +58,8 @@ func (dec *Decoder) recvType(id typeId) {
|
|||||||
dec.wireType[id] = wire
|
dec.wireType[id] = wire
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var errBadCount = gobError{os.NewError("invalid message length")}
|
||||||
|
|
||||||
// recvMessage reads the next count-delimited item from the input. It is the converse
|
// recvMessage reads the next count-delimited item from the input. It is the converse
|
||||||
// of Encoder.writeMessage. It returns false on EOF or other error reading the message.
|
// of Encoder.writeMessage. It returns false on EOF or other error reading the message.
|
||||||
func (dec *Decoder) recvMessage() bool {
|
func (dec *Decoder) recvMessage() bool {
|
||||||
@ -67,6 +69,10 @@ func (dec *Decoder) recvMessage() bool {
|
|||||||
dec.err = err
|
dec.err = err
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
if nbytes >= 1<<31 {
|
||||||
|
dec.err = errBadCount
|
||||||
|
return false
|
||||||
|
}
|
||||||
dec.readMessage(int(nbytes))
|
dec.readMessage(int(nbytes))
|
||||||
return dec.err == nil
|
return dec.err == nil
|
||||||
}
|
}
|
||||||
|
@ -628,3 +628,13 @@ func TestSliceReusesMemory(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Used to crash: negative count in recvMessage.
|
||||||
|
func TestBadCount(t *testing.T) {
|
||||||
|
b := []byte{0xfb, 0xa5, 0x82, 0x2f, 0xca, 0x1}
|
||||||
|
if err := NewDecoder(bytes.NewBuffer(b)).Decode(nil); err == nil {
|
||||||
|
t.Error("expected error from bad count")
|
||||||
|
} else if err.String() != errBadCount.String() {
|
||||||
|
t.Error("expected bad count error; got", err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user