From 47776ebf0b5d0a825dee41762c1d544bf5b7cf9d Mon Sep 17 00:00:00 2001
From: "Tony Arcieri (iqlusion)"
Date: Mon, 12 Jul 2021 11:19:26 -0700
Subject: [PATCH] Fix parsing local DoS (#279)

Closes #152
Adds additional checks when parsing TLV records to ensure panic-free operation.
---
 src/serialization.rs | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/serialization.rs b/src/serialization.rs
index d6c89f8..002e7dd 100644
--- a/src/serialization.rs
+++ b/src/serialization.rs
@@ -50,13 +50,16 @@ impl<'a> Tlv<'a> {
 }
 let tag = buffer[0];
-
 let mut len = 0;
 let offset = 1 + get_length(&buffer[1..], &mut len);
+ let buffer = buffer.get(offset..).ok_or(Error::SizeError)?;
- let (value, buffer) = buffer[offset..].split_at(len);
-
- Ok((buffer, Tlv { tag, value }))
+ if buffer.len() >= len {
+ let (value, buffer) = buffer.split_at(len);
+ Ok((buffer, Tlv { tag, value }))
+ } else {
+ Err(Error::SizeError)
+ }
 }
 /// Takes a [`Buffer`] containing a single `Tlv` with the given tag, and returns a
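Review bot: `get_length(&buffer[1..], &mut len)` still runs before any bounds check visible in this hunk, so the panic-free claim depends on `get_length` not indexing past a truncated length field. That helper and the guard above `let tag = buffer[0];` both lie outside the hunk, so this cannot be confirmed from here. If `get_length` indexes its input directly, a record that ends inside a multi-byte length would still panic; returning `Option<usize>` from it and propagating with `.ok_or(Error::SizeError)?` would close that path. A regression test covering a tag-only record, a partial long-form length, and a declared length longer than the remaining bytes would pin the fix against untrusted device or file input.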