-
-
Notifications
You must be signed in to change notification settings - Fork 852
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent crafted DOS attack. #2501
Conversation
@@ -28,7 +28,7 @@ public static void SkipWhitespaceAndComments(this BufferedReadStream stream) | |||
{ | |||
innerValue = stream.ReadByte(); | |||
} | |||
while (innerValue != 0x0a); | |||
while (innerValue is not 0x0a and not -0x1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should a similar check be added also in line 52 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
int current = stream.ReadByte() - 0x30;
if ((uint)current > 9)
{
break;
}
In case of EOF current == -1 -0x30 == -0x31
. (uint)-0x31 == SomeHighNum > 9
.
Nevertheless, a test case might be nice, these infinite loops are dangerous. 💀
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that's why I left it. We actually enter that loop in ReadDecimal with this test, but I'll double check before merging.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We cover this code with the test so I'm happy. I'll open another PR after this one to backport the fix to 2.X
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We shall merge and publish this, the faster the better. It also needs a 2.1 backport, which I would be happy to do, but I have no computer access until Monday.
Done #2509 I was hoping to get the gif fixes in asap but they'll have to wait if I cannot get hem reviewed. |
Prerequisites
Description
It's possible to cause the library to hang with a crafted byte array targetting the PBM decoder. This PR fixes that vulnarability. All other formats correctly test for the end of the stream.