Merge branch 'cbor-alloc-limits'

warpfork · warpfork · commit 9b85219058a9 · 2018-03-14T01:10:49.000+01:00
diff --git a/cbor/cborDecoderTerminals.go b/cbor/cborDecoderTerminals.go
@@ -124,6 +124,9 @@ func (d *Decoder) decodeBytesOrStringIndefinite(bs []byte, majorWanted byte) (bs
 		}
 		oldLen := len(bs)
 		newLen := oldLen + n
+		if n > 33554432 {
+			return nil, fmt.Errorf("cbor: decoding rejected oversized indefinite string/bytes field: %d is too large", n)
+		}
 		if newLen > cap(bs) {
 			bs2 := make([]byte, newLen, 2*cap(bs)+n)
 			copy(bs2, bs)
@@ -168,6 +171,9 @@ func (d *Decoder) decodeBytes(majorByte byte) (bs []byte, err error) {
 	if err != nil {
 		return nil, err
 	}
+	if n > 33554432 {
+		return nil, fmt.Errorf("cbor: decoding rejected oversized byte field: %d is too large", n)
+	}
 	return d.r.Readn(n)
 }
 
@@ -177,6 +183,9 @@ func (d *Decoder) decodeString(majorByte byte) (s string, err error) {
 	if err != nil {
 		return "", err
 	}
+	if n > 33554432 {
+		return "", fmt.Errorf("cbor: decoding rejected oversized string field: %d is too large", n)
+	}
 	bs, err := d.r.Readnzc(n)
 	return string(bs), err
 }

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,9 @@ func (d *Decoder) decodeBytesOrStringIndefinite(bs []byte, majorWanted byte) (bs`
`124`	`124`	`}`
`125`	`125`	`oldLen := len(bs)`
`126`	`126`	`newLen := oldLen + n`
	`127`	`+ if n > 33554432 {`
	`128`	`+ return nil, fmt.Errorf("cbor: decoding rejected oversized indefinite string/bytes field: %d is too large", n)`
	`129`	`+ }`
`127`	`130`	`if newLen > cap(bs) {`
`128`	`131`	`bs2 := make([]byte, newLen, 2*cap(bs)+n)`
`129`	`132`	`copy(bs2, bs)`
`@@ -168,6 +171,9 @@ func (d *Decoder) decodeBytes(majorByte byte) (bs []byte, err error) {`
`168`	`171`	`if err != nil {`
`169`	`172`	`return nil, err`
`170`	`173`	`}`
	`174`	`+ if n > 33554432 {`
	`175`	`+ return nil, fmt.Errorf("cbor: decoding rejected oversized byte field: %d is too large", n)`
	`176`	`+ }`
`171`	`177`	`return d.r.Readn(n)`
`172`	`178`	`}`
`173`	`179`
`@@ -177,6 +183,9 @@ func (d *Decoder) decodeString(majorByte byte) (s string, err error) {`
`177`	`183`	`if err != nil {`
`178`	`184`	`return "", err`
`179`	`185`	`}`
	`186`	`+ if n > 33554432 {`
	`187`	`+ return "", fmt.Errorf("cbor: decoding rejected oversized string field: %d is too large", n)`
	`188`	`+ }`
`180`	`189`	`bs, err := d.r.Readnzc(n)`
`181`	`190`	`return string(bs), err`
`182`	`191`	`}`