]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0160412)
math/big: error on buffer length overflow in Rat.GobDecode
authorIan Lance Taylor <iant@golang.org>
Tue, 11 Oct 2022 18:21:13 +0000 (11:21 -0700)
committerGopher Robot <gobot@golang.org>
Tue, 11 Oct 2022 20:20:16 +0000 (20:20 +0000)
Fixes #56156

Change-Id: Ib85ff45f0b0d0eac83c39606ee20b3a312e6e919
Reviewed-on: https://go-review.googlesource.com/c/go/+/442335
Run-TryBot: Ian Lance Taylor <iant@google.com>
Auto-Submit: Ian Lance Taylor <iant@google.com>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>

src/math/big/ratmarsh.go patch | blob | history
src/math/big/ratmarsh_test.go patch | blob | history

diff --git a/src/math/big/ratmarsh.go b/src/math/big/ratmarsh.go
index 56102e845b779cdfeae226989fda09dc10aaa686..b69c59dfb6a1c8869318b305290546f19a8e1342 100644 (file)
--- a/src/math/big/ratmarsh.go
+++ b/src/math/big/ratmarsh.go
@@ -10,6 +10,7 @@ import (
        "encoding/binary"
        "errors"
        "fmt"
+       "math"
 )
 
 // Gob codec version. Permits backward-compatible changes to the encoding.
@@ -53,8 +54,12 @@ func (z *Rat) GobDecode(buf []byte) error {
                return fmt.Errorf("Rat.GobDecode: encoding version %d not supported", b>>1)
        }
        const j = 1 + 4
-       i := j + binary.BigEndian.Uint32(buf[j-4:j])
-       if len(buf) < int(i) {
+       ln := binary.BigEndian.Uint32(buf[j-4 : j])
+       if uint64(ln) > math.MaxInt-j {
+               return errors.New("Rat.GobDecode: invalid length")
+       }
+       i := j + int(ln)
+       if len(buf) < i {
                return errors.New("Rat.GobDecode: buffer too small")
        }
        z.a.neg = b&1 != 0
diff --git a/src/math/big/ratmarsh_test.go b/src/math/big/ratmarsh_test.go
index 55a9878bb871b1166317f99514c5ec8a8f80bdca..15c933efa6d43bb14926abf82dfb83285b042601 100644 (file)
--- a/src/math/big/ratmarsh_test.go
+++ b/src/math/big/ratmarsh_test.go
@@ -128,6 +128,7 @@ func TestRatGobDecodeShortBuffer(t *testing.T) {
        for _, tc := range [][]byte{
                []byte{0x2},
                []byte{0x2, 0x0, 0x0, 0x0, 0xff},
+               []byte{0x2, 0xff, 0xff, 0xff, 0xff},
        } {
                err := NewRat(1, 2).GobDecode(tc)
                if err == nil {
Go GOST TLS 1.3