Skip to content

Commit 07ef71f

Browse files
committed
Avoid parsing large sizes for messages
Signed-off-by: Derek Collison <derek@nats.io>
1 parent f8d6dd9 commit 07ef71f

3 files changed

Lines changed: 14 additions & 2 deletions

File tree

server/parser_test.go

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -225,6 +225,16 @@ func TestParsePub(t *testing.T) {
225225
}
226226
}
227227

228+
// https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/
229+
func TestParsePubSizeOverflow(t *testing.T) {
230+
c := dummyClient()
231+
232+
pub := []byte("PUB foo 3333333333333333333333333333333333333333333333333333333333333333\r\n")
233+
if err := c.parse(pub); err == nil {
234+
t.Fatalf("Expected an error")
235+
}
236+
}
237+
228238
func TestParsePubArg(t *testing.T) {
229239
c := dummyClient()
230240

server/util.go

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,8 +34,10 @@ const (
3434
// parseSize expects decimal positive numbers. We
3535
// return -1 to signal error.
3636
func parseSize(d []byte) (n int) {
37+
const maxParseSizeLen = 9 //999M
38+
3739
l := len(d)
38-
if l == 0 {
40+
if l == 0 || l > maxParseSizeLen {
3941
return -1
4042
}
4143
var (

test/maxpayload_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -112,7 +112,7 @@ func TestMaxPayloadOverrun(t *testing.T) {
112112
defer c.Close()
113113

114114
send, expect := setupConn(t, c)
115-
send("PUB foo 380571791000988\r\n")
115+
send("PUB foo 199380988\r\n")
116116
expect(errRe)
117117

118118
// Now overrun an int64, parseSize will have returned -1,

0 commit comments

Comments
 (0)