Updates golang_org/x/net/route to rev
4d38db7 for:
- route: don't crash or hang up with corrupted messages
Change-Id: I22492f56a5e211b5a0479f1e07ad8f42f7b9ea03
Reviewed-on: https://go-review.googlesource.com/27574
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
return nil, err
}
as[i] = a
- b = b[roundup(int(b[0])):]
+ l := roundup(int(b[0]))
+ if len(b) < l {
+ return nil, errMessageTooShort
+ }
+ b = b[l:]
case sysAF_INET, sysAF_INET6:
af = int(b[1])
a, err := parseInetAddr(af, b)
return nil, err
}
as[i] = a
- b = b[roundup(int(b[0])):]
+ l := roundup(int(b[0]))
+ if len(b) < l {
+ return nil, errMessageTooShort
+ }
+ b = b[l:]
default:
l, a, err := fn(af, b)
if err != nil {
return nil, err
}
as[i] = a
- b = b[roundup(int(b[0])):]
+ l := roundup(int(b[0]))
+ if len(b) < l {
+ return nil, errMessageTooShort
+ }
+ b = b[l:]
}
}
return as[:], nil
extOff = int(nativeEndian.Uint16(b[18:20]))
bodyOff = int(nativeEndian.Uint16(b[16:18]))
} else {
- if len(b) < w.bodyOff {
- return nil, errMessageTooShort
- }
extOff = w.extOff
bodyOff = w.bodyOff
}
+ if len(b) < extOff || len(b) < bodyOff {
+ return nil, errInvalidMessage
+ }
l := int(nativeEndian.Uint16(b[:2]))
if len(b) < l {
return nil, errInvalidMessage
}
bodyOff = int(nativeEndian.Uint16(b[16:18]))
} else {
- if len(b) < w.bodyOff {
- return nil, errMessageTooShort
- }
bodyOff = w.bodyOff
}
+ if len(b) < bodyOff {
+ return nil, errInvalidMessage
+ }
l := int(nativeEndian.Uint16(b[:2]))
if len(b) < l {
return nil, errInvalidMessage
Addrs: make([]Addr, sysRTAX_MAX),
raw: b[:l],
}
- a, err := parseLinkAddr(b[int(nativeEndian.Uint16(b[4:6])):])
+ ll := int(nativeEndian.Uint16(b[4:6]))
+ if len(b) < ll {
+ return nil, errInvalidMessage
+ }
+ a, err := parseLinkAddr(b[ll:])
if err != nil {
return nil, err
}
return nil, errInvalidMessage
}
bodyOff := int(nativeEndian.Uint16(b[4:6]))
+ if len(b) < bodyOff {
+ return nil, errInvalidMessage
+ }
m := &InterfaceAddrMessage{
Version: int(b[2]),
Type: int(b[3]),
for len(b) > 4 {
nmsgs++
l := int(nativeEndian.Uint16(b[:2]))
+ if l == 0 {
+ return nil, errInvalidMessage
+ }
+ if len(b) < l {
+ return nil, errMessageTooShort
+ }
if b[2] != sysRTM_VERSION {
b = b[l:]
continue
time.Sleep(200 * time.Millisecond)
}
}
+
+func TestParseRIBWithFuzz(t *testing.T) {
+ for _, fuzz := range []string{
+ "0\x00\x05\x050000000000000000" +
+ "00000000000000000000" +
+ "00000000000000000000" +
+ "00000000000000000000" +
+ "0000000000000\x02000000" +
+ "00000000",
+ "\x02\x00\x05\f0000000000000000" +
+ "0\x0200000000000000",
+ "\x02\x00\x05\x100000000000000\x1200" +
+ "0\x00\xff\x00",
+ "\x02\x00\x05\f0000000000000000" +
+ "0\x12000\x00\x02\x0000",
+ "\x00\x00\x00\x01\x00",
+ "00000",
+ } {
+ for typ := RIBType(0); typ < 256; typ++ {
+ ParseRIB(typ, []byte(fuzz))
+ }
+ }
+}
Index: int(nativeEndian.Uint16(b[6:8])),
raw: b[:l],
}
- as, err := parseAddrs(uint(nativeEndian.Uint32(b[12:16])), parseKernelInetAddr, b[int(nativeEndian.Uint16(b[4:6])):])
+ ll := int(nativeEndian.Uint16(b[4:6]))
+ if len(b) < ll {
+ return nil, errInvalidMessage
+ }
+ as, err := parseAddrs(uint(nativeEndian.Uint32(b[12:16])), parseKernelInetAddr, b[ll:])
if err != nil {
return nil, err
}