Check buffer size before reading in raw functions #3060
Conversation
9e7ce29 to
9a5ae84
Compare
There was a problem hiding this comment.
Reviewed 3 of 3 files at r1, 5 of 5 files at r2.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @karampok)
go/lib/hpkt/hpkt_test.go, line 165 at r2 (raw file):
raw: append(makeCmnHdr(512+3, 64, 512, 0), make([]byte, 3)...), }, "error x": {
choose a better name for x
go/lib/hpkt/read.go, line 154 at r2 (raw file):
p.nextHdr = extn.NextHeader p.offset += len(extn.Contents)
remove
go/lib/hpkt/read.go, line 176 at r2 (raw file):
"expected", p.cmnHdr.HdrLenBytes(), "larger than ", len(p.b)) }
remove
go/lib/hpkt/read.go, line 182 at r2 (raw file):
func (p *parseCtx) DefaultAddrHdrParser() error { var err error //TODO(karampok). Hard code hdr start at (int)common.CmnHdrLen
Todo for this PR, or a future one?
go/lib/layers/extensions_layer.go, line 70 at r2 (raw file):
df.SetTruncated() return common.NewBasicError("Invalid SCION Extension header, expected length is invalid", fmt.Errorf("value %v is < 0", expectedLength))
return common.NewBasicError("Invalid SCION Extension header, length is zero", nil)
|
go/lib/hpkt/read.go, line 182 at r2 (raw file): Previously, Oncilla wrote…
Topic to discuss, I would not hardcoded but this makes is safe. What do you think? |
|
go/lib/hpkt/read.go, line 176 at r2 (raw file): Previously, Oncilla wrote…
I think this error is needed because I have removed it (or I think) from the function we call the CmdHdrParser() . If you can check versus the master commit |
There was a problem hiding this comment.
Reviewable status: all files reviewed, 5 unresolved discussions (waiting on @karampok)
go/lib/hpkt/read.go, line 176 at r2 (raw file):
Previously, karampok (Konstantinos) wrote…
I think this error is needed because I have removed it (or I think) from the function we call the CmdHdrParser() . If you can check versus the master commit
sorry I was unclear. Remove the trailing line break 😄
go/lib/hpkt/read.go, line 182 at r2 (raw file):
Previously, karampok (Konstantinos) wrote…
Topic to discuss, I would not hardcoded but this makes is safe. What do you think?
(I vote to just remove the todo)
yeah, let's just remove the todo
a3d2110 to
3b1aa58
Compare
There was a problem hiding this comment.
Reviewable status: 5 of 32 files reviewed, 5 unresolved discussions (waiting on @oncilla)
go/lib/hpkt/hpkt_test.go, line 165 at r2 (raw file):
Previously, Oncilla wrote…
choose a better name for
x
Done.
go/lib/hpkt/read.go, line 154 at r2 (raw file):
Previously, Oncilla wrote…
remove
i suppose you mean also \n
go/lib/hpkt/read.go, line 176 at r2 (raw file):
Previously, Oncilla wrote…
sorry I was unclear. Remove the trailing line break 😄
Done.
go/lib/hpkt/read.go, line 182 at r2 (raw file):
Previously, Oncilla wrote…
yeah, let's just remove the todo
Done.
go/lib/layers/extensions_layer.go, line 70 at r2 (raw file):
Previously, Oncilla wrote…
return common.NewBasicError("Invalid SCION Extension header, length is zero", nil)
Done.
There was a problem hiding this comment.
Reviewed 26 of 27 files at r3, 1 of 1 files at r4.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @karampok)
go/lib/hpkt/hpkt_test.go, line 162 at r4 (raw file):
require.NoError(t, err) for _, f := range fs { b := xtest.MustReadFromFile(t, filepath.Join("fuzz-inputs", f.Name()))
This is good enough for now. But we should think about how we can incorporate fuzzing in our workflow, and where to put the corpus.
go/lib/hpkt/hpkt_test.go, line 173 at r4 (raw file):
err = ParseScnPkt(s, b) } require.NotPanics(t, w)
They way it is now, it cannot panic in any case.
Add a require.NotContains(t, err.Error(), "panic")
go/lib/scmp/info.go, line 253 at r4 (raw file):
func InfoExtIdxFromRaw(b common.RawBytes) (*InfoExtIdx, error) { if len(b) == 0 { return nil, common.NewBasicError("Unable to parse", nil)
"Unable to parse InfoExtIdx", otherwise the error is not really helpful.
go/lib/scmp/info_traceroute.go, line 60 at r4 (raw file):
func InfoTraceRouteFromRaw(b common.RawBytes) (*InfoTraceRoute, error) { if len(b) < traceRouteLen { return nil, common.NewBasicError("Unable to parse, small buffer size", nil)
"unable to parse InfoTraceRoute, small buffer size"
|
go/lib/hpkt/hpkt_test.go, line 173 at r4 (raw file):
|
3b1aa58 to
f15ad35
Compare
There was a problem hiding this comment.
Reviewable status: 28 of 32 files reviewed, 3 unresolved discussions (waiting on @oncilla)
go/lib/scmp/info.go, line 253 at r4 (raw file):
Previously, Oncilla wrote…
"Unable to parse InfoExtIdx", otherwise the error is not really helpful.
Done.
go/lib/scmp/info_traceroute.go, line 60 at r4 (raw file):
Previously, Oncilla wrote…
"unable to parse InfoTraceRoute, small buffer size"
Done.
There was a problem hiding this comment.
Reviewed 2 of 4 files at r5.
Reviewable status: 30 of 32 files reviewed, 2 unresolved discussions (waiting on @karampok and @oncilla)
go/lib/hpkt/read.go, line 227 at r5 (raw file):
case common.L4UDP: if len(p.b) < p.offset+l4.UDPLen { return common.NewBasicError("Unable to parse UDP header", err)
"Unable to parse UDP header, small buffer size", nil
go/lib/hpkt/read.go, line 234 at r5 (raw file):
case common.L4SCMP: if len(p.b) < p.offset+scmp.HdrLen { return common.NewBasicError("Unable to parse SCMP header", err)
"Unable to parse SCMP header, small buffer size", nil
* Check buffer size before reading in raw functions * Safe when hdr length looks at last byte * Make parsing of extension safer * Add fuzz-inputs for testing Fixes scionproto#2050
f15ad35 to
73d780c
Compare
There was a problem hiding this comment.
Reviewable status: 29 of 32 files reviewed, 2 unresolved discussions (waiting on @oncilla)
go/lib/hpkt/read.go, line 227 at r5 (raw file):
Previously, Oncilla wrote…
"Unable to parse UDP header, small buffer size", nil
Done.
go/lib/hpkt/read.go, line 234 at r5 (raw file):
Previously, Oncilla wrote…
"Unable to parse SCMP header, small buffer size", nil
Done.
There was a problem hiding this comment.
Reviewed 2 of 4 files at r5, 1 of 1 files at r6.
Reviewable status:complete! all files reviewed, all discussions resolved
There was a problem hiding this comment.
Reviewable status:
Fixes #2050
This change is