mirrors/uquic
1
0
Fork 0
mirror of https://github.com/refraction-networking/uquic.git synced 2025-04-06 05:37:36 +03:00
Code Issues Projects Releases Packages Wiki Activity

prevent int64 overflow when reading the expiry date of the server config

Browse source
This commit is contained in:
Marten Seemann 2016-11-16 12:42:19 +07:00
parent f9013edb77
commit 52ba2ce9f8
No known key found for this signature in database
GPG key ID: 3603F40B121FCDEA
4 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

7
handshake/server_config_client.go
View file

@ -4,10 +4,12 @@ import (
"bytes" "bytes"
"encoding/binary" "encoding/binary"
"errors" "errors"
"math"
"time" "time"
"github.com/lucas-clemente/quic-go/crypto" "github.com/lucas-clemente/quic-go/crypto"
"github.com/lucas-clemente/quic-go/qerr" "github.com/lucas-clemente/quic-go/qerr"
"github.com/lucas-clemente/quic-go/utils"
) )
type serverConfigClient struct { type serverConfigClient struct {
@ -127,7 +129,10 @@ func (s *serverConfigClient) parseValues(tagMap map[Tag][]byte) error {
if len(expy) != 8 { if len(expy) != 8 {
return qerr.Error(qerr.CryptoInvalidValueLength, "EXPY") return qerr.Error(qerr.CryptoInvalidValueLength, "EXPY")
} }
s.expiry = time.Unix(int64(binary.LittleEndian.Uint64(expy)), 0) // make sure that the value doesn't overflow an int64
// furthermore, values close to MaxInt64 are not a valid input to time.Unix, thus set MaxInt64/2 as the maximum value here
expyTimestamp := utils.MinUint64(binary.LittleEndian.Uint64(expy), math.MaxInt64/2)
s.expiry = time.Unix(int64(expyTimestamp), 0)
// TODO: implement VER // TODO: implement VER

7
handshake/server_config_client_test.go
View file

@ -235,6 +235,13 @@ var _ = Describe("Server Config", func() {
err := scfg.parseValues(tagMap) err := scfg.parseValues(tagMap)
Expect(err).To(MatchError("CryptoInvalidValueLength: EXPY")) Expect(err).To(MatchError("CryptoInvalidValueLength: EXPY"))
}) })
It("deals with absurdly large timestamps", func() {
tagMap[TagEXPY] = bytes.Repeat([]byte{0xff}, 8) // this would overflow the int64
err := scfg.parseValues(tagMap)
Expect(err).ToNot(HaveOccurred())
Expect(scfg.expiry.After(time.Now())).To(BeTrue())
})
}) })
}) })
}) })

8
utils/minmax.go
View file

@ -34,6 +34,14 @@ func MaxUint64(a, b uint64) uint64 {
return a return a
} }
// MinUint64 returns the maximum of two uint64
func MinUint64(a, b uint64) uint64 {
if a < b {
return a
}
return b
}
// Min returns the minimum of two Ints // Min returns the minimum of two Ints
func Min(a, b int) int { func Min(a, b int) int {
if a < b { if a < b {

5
utils/minmax_test.go
View file

@ -25,6 +25,11 @@ var _ = Describe("Min / Max", func() {
Expect(MaxUint64(7, 5)).To(Equal(uint64(7))) Expect(MaxUint64(7, 5)).To(Equal(uint64(7)))
}) })
It("returns the minimum uint64", func() {
Expect(MinUint64(5, 7)).To(Equal(uint64(5)))
Expect(MinUint64(7, 5)).To(Equal(uint64(5)))
})
It("returns the maximum int64", func() { It("returns the maximum int64", func() {
Expect(MaxInt64(5, 7)).To(Equal(int64(7))) Expect(MaxInt64(5, 7)).To(Equal(int64(7)))
Expect(MaxInt64(7, 5)).To(Equal(int64(7))) Expect(MaxInt64(7, 5)).To(Equal(int64(7)))