network: check compressed payload size in decompress
Signed-off-by: Evgeniy Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
parent
5a6cda329a
commit
92a2ec5848
3 changed files with 36 additions and 0 deletions
|
@ -21,6 +21,9 @@ func compress(source []byte) ([]byte, error) {
|
|||
|
||||
// decompress decompresses bytes using lz4.
|
||||
func decompress(source []byte) ([]byte, error) {
|
||||
if len(source) < 4 {
|
||||
return nil, errors.New("invalid compressed payload")
|
||||
}
|
||||
length := binary.LittleEndian.Uint32(source[:4])
|
||||
if length > payload.MaxSize {
|
||||
return nil, errors.New("invalid uncompressed payload length")
|
||||
|
|
26
pkg/network/fuzz_test.go
Normal file
26
pkg/network/fuzz_test.go
Normal file
|
@ -0,0 +1,26 @@
|
|||
//go:build go1.18
|
||||
// +build go1.18
|
||||
|
||||
package network
|
||||
|
||||
import (
|
||||
"math/rand"
|
||||
"testing"
|
||||
|
||||
"github.com/nspcc-dev/neo-go/pkg/io"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func FuzzMessageDecode(f *testing.F) {
|
||||
for i := 0; i < 100; i++ {
|
||||
seed := make([]byte, rand.Uint32()%1000)
|
||||
rand.Read(seed)
|
||||
f.Add(seed)
|
||||
}
|
||||
|
||||
f.Fuzz(func(t *testing.T, value []byte) {
|
||||
m := new(Message)
|
||||
r := io.NewBinReaderFromBuf(value)
|
||||
require.NotPanics(t, func() { _ = m.Decode(r) })
|
||||
})
|
||||
}
|
|
@ -18,6 +18,13 @@ import (
|
|||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestMessageDecodeFuzzCases(t *testing.T) {
|
||||
raw := []byte("10\x0200")
|
||||
m := new(Message)
|
||||
r := io.NewBinReaderFromBuf(raw)
|
||||
require.NotPanics(t, func() { _ = m.Decode(r) })
|
||||
}
|
||||
|
||||
func TestEncodeDecodeVersion(t *testing.T) {
|
||||
// message with tiny payload, shouldn't be compressed
|
||||
expected := NewMessage(CMDVersion, &payload.Version{
|
||||
|
|
Loading…
Reference in a new issue