-
-
Notifications
You must be signed in to change notification settings - Fork 282
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add some missing bounds checks. #260
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool, thanks for submitting these!
How'd you find them? It might be useful to have such tests in the repo directly...
src/frame/headers.rs
Outdated
@@ -153,6 +153,9 @@ impl Headers { | |||
|
|||
// Read the padding length | |||
if flags.is_padded() { | |||
if src.len() < 1 { | |||
return Err(Error::MalformedMessage); | |||
} | |||
// TODO: Ensure payload is sized correctly |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe there's more involved, but wanted to check: does this addition essentially complete this TODO?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems like it; I removed the comment.
src/proto/streams/streams.rs
Outdated
@@ -322,6 +322,10 @@ where | |||
let last_stream_id = frame.last_stream_id(); | |||
let err = frame.reason().into(); | |||
|
|||
if actions.recv.max_stream_id() < last_stream_id { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I got a bit confused with this, until I went digging into recv
to read the comments about max_stream_id
. Whatcha think if there was a comment right here just saying to the effect of "if a new GOAWAY has a higher stream id than a previous GOAWAY, that's bad"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
Thanks @goffrie! Looks like the fuzzing has been submitted in another PR. I'm good with this! |
Ran a fuzzer and found a few places where we were panicking instead of returning errors.