From 1b918b147d84cc32802ebe735a3c343530c393f5 Mon Sep 17 00:00:00 2001
From: Joseph Perez
Date: Wed, 29 Jan 2025 09:14:36 +0100
Subject: [PATCH] fix: handle linkstate decoding error (#1743)

Panicking here was causing a major security breach concerning every non-encrypted transport, especially UDP ones. An attacker could simply forge a invalid OAM linkstate message to make the transport panic. Regarding UDP multicast network, a single message could make the whole network instantly unresponsive.
---
 zenoh/src/net/routing/hat/linkstate_peer/mod.rs | 4 +++-
 zenoh/src/net/routing/hat/p2p_peer/mod.rs | 4 +++-
 zenoh/src/net/routing/hat/router/mod.rs | 4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/zenoh/src/net/routing/hat/linkstate_peer/mod.rs b/zenoh/src/net/routing/hat/linkstate_peer/mod.rs
index e9dbf9363..0e5a061aa 100644
--- a/zenoh/src/net/routing/hat/linkstate_peer/mod.rs
+++ b/zenoh/src/net/routing/hat/linkstate_peer/mod.rs
@@ -392,7 +392,9 @@ impl HatBaseTrait for HatCode {
 use zenoh_codec::RCodec;
 let codec = Zenoh080Routing::new();
 let mut reader = buf.reader();
- let list: LinkStateList = codec.read(&mut reader).unwrap();
+ let Ok(list): Result = codec.read(&mut reader) else {
+ bail!("failed to decode link state");
+ };
 let whatami = transport.get_whatami()?;
 if whatami != WhatAmI::Client {
diff --git a/zenoh/src/net/routing/hat/p2p_peer/mod.rs b/zenoh/src/net/routing/hat/p2p_peer/mod.rs
index e8bbeb2fe..6d86b7c1b 100644
--- a/zenoh/src/net/routing/hat/p2p_peer/mod.rs
+++ b/zenoh/src/net/routing/hat/p2p_peer/mod.rs
@@ -337,7 +337,9 @@ impl HatBaseTrait for HatCode {
 use zenoh_codec::RCodec;
 let codec = Zenoh080Routing::new();
 let mut reader = buf.reader();
- let list: LinkStateList = codec.read(&mut reader).unwrap();
+ let Ok(list): Result = codec.read(&mut reader) else {
+ bail!("failed to decode link state");
+ };
 net.link_states(list.link_states, zid, whatami);
 }
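Review bot: None of the three changed files adds a test that feeds an undecodable link-state payload through this path in `linkstate_peer/mod.rs`, so nothing stops a later refactor from putting `.unwrap()` back on data that arrives straight off the wire; the same applies to the `p2p_peer` and `router` hunks. A regression test that passes a truncated or garbage buffer and asserts an `Err` rather than a panic would pin the behaviour. It would also help to mark the trust boundary at the decode site, e.g. `// Wire-supplied payload: a decode failure must return Err, never panic.` The enclosing function begins and ends outside the hunk, so whether its caller handles the returned error without dropping the whole transport cannot be confirmed from here.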
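Review bot: The error raised by `bail!("failed to decode link state")` in `p2p_peer/mod.rs` does not say who sent the bad payload, although `zid` and `whatami` appear to be in scope, since the next line passes them to `net.link_states`. Carrying them in the message lets an operator tell one misbehaving peer apart from a stream of forged messages: `bail!("failed to decode link state from {zid} ({whatami})");`, assuming both types implement `Display`. On an unencrypted transport the identifier is whatever the sender claimed, so it is a triage hint rather than proof of origin. The enclosing function starts outside the hunk.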
diff --git a/zenoh/src/net/routing/hat/router/mod.rs b/zenoh/src/net/routing/hat/router/mod.rs
index 965abbbb2..d7050649b 100644
--- a/zenoh/src/net/routing/hat/router/mod.rs
+++ b/zenoh/src/net/routing/hat/router/mod.rs
@@ -625,7 +625,9 @@ impl HatBaseTrait for HatCode {
 use zenoh_codec::RCodec;
 let codec = Zenoh080Routing::new();
 let mut reader = buf.reader();
- let list: LinkStateList = codec.read(&mut reader).unwrap();
+ let Ok(list): Result = codec.read(&mut reader) else {
+ bail!("failed to decode link state");
+ };
 let whatami = transport.get_whatami()?;
 match whatami {
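Review bot: This is the third identical copy of the decode-or-bail sequence (`Zenoh080Routing::new()`, `buf.reader()`, `codec.read`, `bail!`), after the ones in `linkstate_peer/mod.rs` and `p2p_peer/mod.rs`, which is why the panic had to be fixed in three places. A small shared helper returning a `Result` would leave a single place to harden and test, with each call site reduced to something like `let list = decode_link_state_list(buf)?;` (the helper name is a suggestion, not an existing function). The enclosing function continues past the end of the hunk.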