mirror of
https://github.com/golang/go
synced 2024-11-22 03:54:39 -07:00
gob: protect against invalid message length
Fixes #2301. R=golang-dev, gri CC=golang-dev https://golang.org/cl/5134048
This commit is contained in:
parent
6c230fbc67
commit
4c462e6fd7
@ -58,6 +58,8 @@ func (dec *Decoder) recvType(id typeId) {
|
||||
dec.wireType[id] = wire
|
||||
}
|
||||
|
||||
var errBadCount = gobError{os.NewError("invalid message length")}
|
||||
|
||||
// recvMessage reads the next count-delimited item from the input. It is the converse
|
||||
// of Encoder.writeMessage. It returns false on EOF or other error reading the message.
|
||||
func (dec *Decoder) recvMessage() bool {
|
||||
@ -67,6 +69,10 @@ func (dec *Decoder) recvMessage() bool {
|
||||
dec.err = err
|
||||
return false
|
||||
}
|
||||
if nbytes >= 1<<31 {
|
||||
dec.err = errBadCount
|
||||
return false
|
||||
}
|
||||
dec.readMessage(int(nbytes))
|
||||
return dec.err == nil
|
||||
}
|
||||
|
@ -628,3 +628,13 @@ func TestSliceReusesMemory(t *testing.T) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Used to crash: negative count in recvMessage.
|
||||
func TestBadCount(t *testing.T) {
|
||||
b := []byte{0xfb, 0xa5, 0x82, 0x2f, 0xca, 0x1}
|
||||
if err := NewDecoder(bytes.NewBuffer(b)).Decode(nil); err == nil {
|
||||
t.Error("expected error from bad count")
|
||||
} else if err.String() != errBadCount.String() {
|
||||
t.Error("expected bad count error; got", err)
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user