Merge pull request #236 from hashicorp/dnephin/fix-some-errors

Prevent a couple panics on malformed input
hashicorp · Apr 30, 2021 · 619135c · 619135c
2 parents 838073f + 45d05f1
commit 619135c
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 4 deletions.
diff --git a/net.go b/net.go
@@ -355,6 +355,10 @@ func (m *Memberlist) ingestPacket(buf []byte, from net.Addr, timestamp time.Time
 }
 
 func (m *Memberlist) handleCommand(buf []byte, from net.Addr, timestamp time.Time) {
+	if len(buf) < 1 {
+		m.logger.Printf("[ERR] memberlist: missing message type byte %s", LogAddress(from))
+		return
+	}
 	// Decode the message type
 	msgType := messageType(buf[0])
 	buf = buf[1:]

diff --git a/net_test.go b/net_test.go
@@ -866,3 +866,12 @@ func listenUDP(t *testing.T) *net.UDPConn {
 	}
 	return udp
 }
+
+func TestHandleCommand(t *testing.T) {
+	var buf bytes.Buffer
+	m := Memberlist{
+		logger: log.New(&buf, "", 0),
+	}
+	m.handleCommand(nil, &net.TCPAddr{Port: 12345}, time.Now())
+	require.Contains(t, buf.String(), "missing message type byte")
+}
diff --git a/util.go b/util.go
@@ -185,26 +185,26 @@ func decodeCompoundMessage(buf []byte) (trunc int, parts [][]byte, err error) {
 		err = fmt.Errorf("missing compound length byte")
 		return
 	}
-	numParts := uint8(buf[0])
+	numParts := int(buf[0])
 	buf = buf[1:]
 
 	// Check we have enough bytes
-	if len(buf) < int(numParts*2) {
+	if len(buf) < numParts*2 {
 		err = fmt.Errorf("truncated len slice")
 		return
 	}
 
 	// Decode the lengths
 	lengths := make([]uint16, numParts)
-	for i := 0; i < int(numParts); i++ {
+	for i := 0; i < numParts; i++ {
 		lengths[i] = binary.BigEndian.Uint16(buf[i*2 : i*2+2])
 	}
 	buf = buf[numParts*2:]
 
 	// Split each message
 	for idx, msgLen := range lengths {
 		if len(buf) < int(msgLen) {
-			trunc = int(numParts) - idx
+			trunc = numParts - idx
 			return
 		}
 

diff --git a/util_test.go b/util_test.go
@@ -5,6 +5,8 @@ import (
 	"reflect"
 	"testing"
 	"time"
+
+	"github.com/stretchr/testify/require"
 )
 
 func TestUtil_PortFunctions(t *testing.T) {
@@ -314,6 +316,13 @@ func TestDecodeCompoundMessage(t *testing.T) {
 	}
 }
 
+func TestDecodeCompoundMessage_NumberOfPartsOverflow(t *testing.T) {
+	buf := []byte{0x80}
+	_, _, err := decodeCompoundMessage(buf)
+	require.Error(t, err)
+	require.Equal(t, err.Error(), "truncated len slice")
+}
+
 func TestDecodeCompoundMessage_Trunc(t *testing.T) {
 	msg := &ping{SeqNo: 100}
 	buf, err := encode(pingMsg, msg)