Check gossip message decoded length before decoding (#6663)

* Check gossip message decoded length before decoding
* gofmt
* Merge refs/heads/master into snappy-decodedlen-check
* Merge refs/heads/master into snappy-decodedlen-check
* Merge refs/heads/master into snappy-decodedlen-check
* @nisdas feedback
Preston Van Loon 2020-07-21 12:14:34 -07:00 committed by GitHub
parent 367738e83b
commit 784f4169ef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 7 deletions


@ -99,14 +99,14 @@ func (e SszNetworkEncoder) doDecode(b []byte, to interface{}) error {
// DecodeGossip decodes the bytes to the protobuf gossip message provided.
func (e SszNetworkEncoder) DecodeGossip(b []byte, to interface{}) error {
var err error
size, err := snappy.DecodedLen(b)
if uint64(size) > MaxGossipSize {
return errors.Errorf("gossip message exceeds max gossip size: %d bytes > %d bytes", size, MaxGossipSize)
}
b, err = snappy.Decode(nil /*dst*/, b)
if err != nil {
return err
}
if uint64(len(b)) > MaxGossipSize {
return errors.Errorf("gossip message exceeds max gossip size: %d bytes > %d bytes", len(b), MaxGossipSize)
}
return e.doDecode(b, to)
}
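Review bot: The error returned by `snappy.DecodedLen(b)` is never inspected in DecodeGossip: `size` is compared with `MaxGossipSize` straight away, and `err` is then overwritten by the `snappy.Decode` call. Add `if err != nil { return err }` directly after the `DecodedLen` line so that a malformed length header is rejected before `size` is trusted. If the library reports a zero length together with the error, the size guard passes trivially and rejection is left to `snappy.Decode` re-parsing the same header; that is presumably what happens here, but this function should not rely on it. The +/- markers are lost in this rendering, so this note reads the `DecodedLen` lines as the new side.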


@ -2,6 +2,7 @@ package encoder_test
import (
"bytes"
"encoding/binary"
"fmt"
"testing"
@ -19,10 +20,13 @@ func TestSszNetworkEncoder_RoundTrip(t *testing.T) {
testRoundTripWithGossip(t, e)
}
func TestSszNetworkEncoder_RoundTrip_Snappy(t *testing.T) {
func TestSszNetworkEncoder_FailsSnappyLength(t *testing.T) {
e := &encoder.SszNetworkEncoder{}
testRoundTripWithLength(t, e)
testRoundTripWithGossip(t, e)
att := &testpb.TestSimpleMessage{}
data := make([]byte, 32)
binary.PutUvarint(data, encoder.MaxGossipSize+32)
err := e.DecodeGossip(data, att)
require.ErrorContains(t, "gossip message exceeds max gossip size", err)
}
func testRoundTripWithLength(t *testing.T, e *encoder.SszNetworkEncoder) {
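Review bot: TestSszNetworkEncoder_FailsSnappyLength covers only a declared length well above the limit (`encoder.MaxGossipSize+32`); nothing pins the boundary or the malformed-header path. A case whose declared length is exactly `encoder.MaxGossipSize`, asserting that the "exceeds max gossip size" error is not returned, would catch an off-by-one in the `>` comparison. A case with an unparseable length header (for example a constructed single byte `0xff`, a truncated varint) would pin what DecodeGossip returns when the length cannot be read. The new test also appears to replace TestSszNetworkEncoder_RoundTrip_Snappy rather than sit beside it, so confirm that `testRoundTripWithLength` is still exercised elsewhere; its body starts on the last line of this hunk and continues outside it.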