Check buffer length in set_length

This commit is contained in:
Jack Grigg
2019-12-10 13:22:21 +00:00
parent 363bdc4351
commit 8385dda201
2 changed files with 20 additions and 12 deletions
+1 -1
View File
@@ -136,7 +136,7 @@ pub(crate) fn set_item(
// Re-encode item and insert // Re-encode item and insert
if cb_item != 0 { if cb_item != 0 {
offset -= cb_len; offset -= cb_len;
offset += set_length(&mut data[offset..], cb_item); offset += set_length(&mut data[offset..], cb_item)?;
data[offset..offset + cb_item].copy_from_slice(p_item); data[offset..offset + cb_item].copy_from_slice(p_item);
} }
+16 -8
View File
@@ -85,8 +85,7 @@ impl<'a> Tlv<'a> {
} }
buffer[0] = tag; buffer[0] = tag;
// TODO: Raise error let offset = 1 + set_length(&mut buffer[1..], value.len())?;
let offset = 1 + set_length(&mut buffer[1..], value.len());
if buffer.len() < offset + value.len() { if buffer.len() < offset + value.len() {
return Err(Error::SizeError); return Err(Error::SizeError);
@@ -113,8 +112,7 @@ impl<'a> Tlv<'a> {
} }
buffer[0] = tag; buffer[0] = tag;
// TODO: Raise error let offset = 1 + set_length(&mut buffer[1..], length)?;
let offset = 1 + set_length(&mut buffer[1..], length);
if buffer.len() < offset + length { if buffer.len() < offset + length {
return Err(Error::SizeError); return Err(Error::SizeError);
@@ -127,19 +125,29 @@ impl<'a> Tlv<'a> {
/// Set length /// Set length
#[cfg(feature = "untested")] #[cfg(feature = "untested")]
pub(crate) fn set_length(buffer: &mut [u8], length: usize) -> usize { pub(crate) fn set_length(buffer: &mut [u8], length: usize) -> Result<usize, Error> {
if length < 0x80 { if length < 0x80 {
if buffer.is_empty() {
Err(Error::SizeError)
} else {
buffer[0] = length as u8; buffer[0] = length as u8;
1 Ok(1)
}
} else if length < 0x100 { } else if length < 0x100 {
if buffer.len() < 2 {
Err(Error::SizeError)
} else {
buffer[0] = 0x81; buffer[0] = 0x81;
buffer[1] = length as u8; buffer[1] = length as u8;
2 Ok(2)
}
} else if buffer.len() < 3 {
Err(Error::SizeError)
} else { } else {
buffer[0] = 0x82; buffer[0] = 0x82;
buffer[1] = ((length >> 8) & 0xff) as u8; buffer[1] = ((length >> 8) & 0xff) as u8;
buffer[2] = (length & 0xff) as u8; buffer[2] = (length & 0xff) as u8;
3 Ok(3)
} }
} }