Skip to content

N
neo
Commit 6b9ed46d authored by Kirill Smelkov's avatar Kirill Smelkov
1 Browse files
Options

X neonet: Avoid integer overflow on max packet length check 

`proto.PktHeaderLen + packed.Ntoh32(pkth.MsgLen)` could wrap int32 if
sent pkth.MsgLen is big.
parent a16e8d52
Hide whitespace changes
Inline Side-by-side
Showing with 3 additions and 2 deletions
go/neo/neonet/connection.go
View file @ 6b9ed46d
...@@ -1158,10 +1158,11 @@ func (nl *NodeLink) recvPkt() (*pktBuf, error) { ...@@ -1158,10 +1158,11 @@ func (nl *NodeLink) recvPkt() (*pktBuf, error) {
pkth := pkt.Header() pkth := pkt.Header()
pktLen := int(proto.PktHeaderLen + packed.Ntoh32(pkth.MsgLen)) // whole packet length msgLen := packed.Ntoh32(pkth.MsgLen)
if pktLen > proto.PktMaxSize { if msgLen > proto.PktMaxSize - proto.PktHeaderLen {
return nil, ErrPktTooBig return nil, ErrPktTooBig
} }
pktLen := int(proto.PktHeaderLen + msgLen) // whole packet length
// resize data if we don't have enough room in it // resize data if we don't have enough room in it
data = xbytes.Resize(data, pktLen) data = xbytes.Resize(data, pktLen)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7