From: Russ Cox Date: Fri, 20 Aug 2021 19:20:10 +0000 (-0400) Subject: cmd/internal/buildid: reject empty id X-Git-Tag: go1.18beta1~1690 X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=835ff47c16;p=gostls13.git cmd/internal/buildid: reject empty id The loop that makes progress assumes that after matching an id you should advance len(id) bytes in the file. If id is the empty string, then it will match and advance 0 bytes repeatedly. 0-byte ids are not really build IDs, so just reject it outright. Fixes #47852. Change-Id: Ie44a3a51dec22e2f68fb72d54ead91be98000cfe Reviewed-on: https://go-review.googlesource.com/c/go/+/344049 Trust: Russ Cox Run-TryBot: Russ Cox Reviewed-by: Michael Knyszek TryBot-Result: Go Bot --- diff --git a/src/cmd/internal/buildid/buildid_test.go b/src/cmd/internal/buildid/buildid_test.go index e832f9987e..4895a49e11 100644 --- a/src/cmd/internal/buildid/buildid_test.go +++ b/src/cmd/internal/buildid/buildid_test.go @@ -177,3 +177,11 @@ func TestExcludedReader(t *testing.T) { } } } + +func TestEmptyID(t *testing.T) { + r := strings.NewReader("aha!") + matches, hash, err := FindAndHash(r, "", 1000) + if matches != nil || hash != ([32]byte{}) || err == nil || !strings.Contains(err.Error(), "no id") { + t.Errorf("FindAndHash: want nil, [32]byte{}, no id specified, got %v, %v, %v", matches, hash, err) + } +} diff --git a/src/cmd/internal/buildid/rewrite.go b/src/cmd/internal/buildid/rewrite.go index a7928959c4..8814950db0 100644 --- a/src/cmd/internal/buildid/rewrite.go +++ b/src/cmd/internal/buildid/rewrite.go @@ -22,6 +22,9 @@ func FindAndHash(r io.Reader, id string, bufSize int) (matches []int64, hash [32 if bufSize == 0 { bufSize = 31 * 1024 // bufSize+little will likely fit in 32 kB } + if len(id) == 0 { + return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: no id specified") + } if len(id) > bufSize { return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: buffer too small") }