Skip to content

Commit

Permalink
Fix parsing local DoS (#279)
Browse files Browse the repository at this point in the history 
Closes #152

Adds additional checks when parsing TLV records to ensure panic-free
operation.
  • Loading branch information
@tony-iqlusion
tony-iqlusion authored Jul 12, 2021
1 parent 227518d commit 47776eb
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions src/serialization.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -50,13 +50,16 @@ impl<'a> Tlv<'a> {
}

let tag = buffer[0];

let mut len = 0;
let offset = 1 + get_length(&buffer[1..], &mut len);
let buffer = buffer.get(offset..).ok_or(Error::SizeError)?;

let (value, buffer) = buffer[offset..].split_at(len);

Ok((buffer, Tlv { tag, value }))
if buffer.len() >= len {
let (value, buffer) = buffer.split_at(len);
Ok((buffer, Tlv { tag, value }))
} else {
Err(Error::SizeError)
}
}

/// Takes a [`Buffer`] containing a single `Tlv` with the given tag, and returns a
Expand Down

0 comments on commit 47776eb

Please sign in to comment.