From d368cb7a43882fe82a64e53ff60c46be8dd1d77f Mon Sep 17 00:00:00 2001 From: Henry Date: Sun, 3 May 2015 04:29:13 +0200 Subject: [PATCH] godep: update go-msgio --- Godeps/Godeps.json | 2 +- .../github.com/jbenet/go-msgio/.travis.yml | 9 +++++++ .../src/github.com/jbenet/go-msgio/fuzz.go | 23 ++++++++++++++++++ .../github.com/jbenet/go-msgio/fuzz_test.go | 24 +++++++++++++++++++ .../src/github.com/jbenet/go-msgio/msgio.go | 15 +++++++++++- .../src/github.com/jbenet/go-msgio/varint.go | 6 +++++ 6 files changed, 77 insertions(+), 2 deletions(-) create mode 100644 Godeps/_workspace/src/github.com/jbenet/go-msgio/.travis.yml create mode 100644 Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz.go create mode 100644 Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz_test.go diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json index 1363ad368..bed22cc60 100644 --- a/Godeps/Godeps.json +++ b/Godeps/Godeps.json @@ -169,7 +169,7 @@ }, { "ImportPath": "github.com/jbenet/go-msgio", - "Rev": "dbae89193876910c736b2ce1291fa8bbcf299d77" + "Rev": "b4f3f1e1c7ec0cbf2fe35d8a45d1c253d224dc72" }, { "ImportPath": "github.com/jbenet/go-multiaddr", diff --git a/Godeps/_workspace/src/github.com/jbenet/go-msgio/.travis.yml b/Godeps/_workspace/src/github.com/jbenet/go-msgio/.travis.yml new file mode 100644 index 000000000..7b4b3695b --- /dev/null +++ b/Godeps/_workspace/src/github.com/jbenet/go-msgio/.travis.yml @@ -0,0 +1,9 @@ +language: go + +go: + - 1.3 + - 1.4 + - release + +script: + - go test -race -cpu=5 -v ./... diff --git a/Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz.go b/Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz.go new file mode 100644 index 000000000..a60176a70 --- /dev/null +++ b/Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz.go @@ -0,0 +1,23 @@ +// +build gofuzz + +package msgio + +import "bytes" + +// get the go-fuzz tools and build a fuzzer +// $ go get -u github.com/dvyukov/go-fuzz/... +// $ go-fuzz-build github.com/jbenet/go-msgio + +// put a corpus of random (even better if actual, structured) data in a corpus directry +// $ go-fuzz -bin ./msgio-fuzz -corpus corpus -workdir=wdir -timeout=15 + +func Fuzz(data []byte) int { + rc := NewReader(bytes.NewReader(data)) + // rc := NewVarintReader(bytes.NewReader(data)) + + if _, err := rc.ReadMsg(); err != nil { + return 0 + } + + return 1 +} diff --git a/Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz_test.go b/Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz_test.go new file mode 100644 index 000000000..2002b8bb0 --- /dev/null +++ b/Godeps/_workspace/src/github.com/jbenet/go-msgio/fuzz_test.go @@ -0,0 +1,24 @@ +package msgio + +import ( + "strings" + "testing" +) + +func TestReader_CrashOne(t *testing.T) { + rc := NewReader(strings.NewReader("\x83000")) + _, err := rc.ReadMsg() + if err != ErrMsgTooLarge { + t.Error("should get ErrMsgTooLarge") + t.Log(err) + } +} + +func TestVarintReader_CrashOne(t *testing.T) { + rc := NewVarintReader(strings.NewReader("\x9a\xf1\xed\x9a0")) + _, err := rc.ReadMsg() + if err != ErrMsgTooLarge { + t.Error("should get ErrMsgTooLarge") + t.Log(err) + } +} diff --git a/Godeps/_workspace/src/github.com/jbenet/go-msgio/msgio.go b/Godeps/_workspace/src/github.com/jbenet/go-msgio/msgio.go index bf3d7a557..6547e6890 100644 --- a/Godeps/_workspace/src/github.com/jbenet/go-msgio/msgio.go +++ b/Godeps/_workspace/src/github.com/jbenet/go-msgio/msgio.go @@ -2,6 +2,7 @@ package msgio import ( "encoding/binary" + "errors" "io" "sync" @@ -11,7 +12,13 @@ import ( // NBO is NetworkByteOrder var NBO = binary.BigEndian -const lengthSize = 4 +// ErrMsgTooLarge is returned when the message length is exessive +var ErrMsgTooLarge = errors.New("message too large") + +const ( + lengthSize = 4 + defaultMaxSize = 8 * 1024 * 1024 // 8mb +) // Writer is the msgio Writer interface. It writes len-framed messages. type Writer interface { @@ -121,6 +128,7 @@ type reader struct { next int pool *mpool.Pool lock sync.Locker + max int // the maximal message size (in bytes) this reader handles } // NewReader wraps an io.Reader with a msgio framed reader. The msgio.Reader @@ -143,6 +151,7 @@ func NewReaderWithPool(r io.Reader, p *mpool.Pool) ReadCloser { next: -1, pool: p, lock: new(sync.Mutex), + max: defaultMaxSize, } } @@ -191,6 +200,10 @@ func (s *reader) ReadMsg() ([]byte, error) { return nil, err } + if length > s.max { + return nil, ErrMsgTooLarge + } + msgb := s.pool.Get(uint32(length)) if msgb == nil { return nil, io.ErrShortBuffer diff --git a/Godeps/_workspace/src/github.com/jbenet/go-msgio/varint.go b/Godeps/_workspace/src/github.com/jbenet/go-msgio/varint.go index 477ce6c44..1133e9775 100644 --- a/Godeps/_workspace/src/github.com/jbenet/go-msgio/varint.go +++ b/Godeps/_workspace/src/github.com/jbenet/go-msgio/varint.go @@ -67,6 +67,7 @@ type varintReader struct { next int pool *mpool.Pool lock sync.Locker + max int // the maximal message size (in bytes) this reader handles } // NewVarintReader wraps an io.Reader with a varint msgio framed reader. @@ -92,6 +93,7 @@ func NewVarintReaderWithPool(r io.Reader, p *mpool.Pool) ReadCloser { next: -1, pool: p, lock: new(sync.Mutex), + max: defaultMaxSize, } } @@ -141,6 +143,10 @@ func (s *varintReader) ReadMsg() ([]byte, error) { return nil, err } + if length > s.max { + return nil, ErrMsgTooLarge + } + msgb := s.pool.Get(uint32(length)) if msgb == nil { return nil, io.ErrShortBuffer