From 835ff47c1680de81b93480f5184ac4034c45e417 Mon Sep 17 00:00:00 2001 From: Russ Cox Date: Fri, 20 Aug 2021 15:20:10 -0400 Subject: [PATCH] cmd/internal/buildid: reject empty id The loop that makes progress assumes that after matching an id you should advance len(id) bytes in the file. If id is the empty string, then it will match and advance 0 bytes repeatedly. 0-byte ids are not really build IDs, so just reject it outright. Fixes #47852. Change-Id: Ie44a3a51dec22e2f68fb72d54ead91be98000cfe Reviewed-on: https://go-review.googlesource.com/c/go/+/344049 Trust: Russ Cox Run-TryBot: Russ Cox Reviewed-by: Michael Knyszek TryBot-Result: Go Bot --- src/cmd/internal/buildid/buildid_test.go | 8 ++++++++ src/cmd/internal/buildid/rewrite.go | 3 +++ 2 files changed, 11 insertions(+) diff --git a/src/cmd/internal/buildid/buildid_test.go b/src/cmd/internal/buildid/buildid_test.go index e832f9987e..4895a49e11 100644 --- a/src/cmd/internal/buildid/buildid_test.go +++ b/src/cmd/internal/buildid/buildid_test.go @@ -177,3 +177,11 @@ func TestExcludedReader(t *testing.T) { } } } + +func TestEmptyID(t *testing.T) { + r := strings.NewReader("aha!") + matches, hash, err := FindAndHash(r, "", 1000) + if matches != nil || hash != ([32]byte{}) || err == nil || !strings.Contains(err.Error(), "no id") { + t.Errorf("FindAndHash: want nil, [32]byte{}, no id specified, got %v, %v, %v", matches, hash, err) + } +} diff --git a/src/cmd/internal/buildid/rewrite.go b/src/cmd/internal/buildid/rewrite.go index a7928959c4..8814950db0 100644 --- a/src/cmd/internal/buildid/rewrite.go +++ b/src/cmd/internal/buildid/rewrite.go @@ -22,6 +22,9 @@ func FindAndHash(r io.Reader, id string, bufSize int) (matches []int64, hash [32 if bufSize == 0 { bufSize = 31 * 1024 // bufSize+little will likely fit in 32 kB } + if len(id) == 0 { + return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: no id specified") + } if len(id) > bufSize { return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: buffer too small") } -- 2.50.0