From 90288a3bb10f334f06e67a8aa58f220be934ff32 Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 08:37:41 +0200 Subject: [PATCH 01/12] fix: Crash when reading corrupted envelope --- CHANGELOG.md | 7 +++++++ Sources/Sentry/SentrySerialization.m | 6 ++++++ .../SentryTests/Helper/SentrySerializationTests.swift | 11 +++++++++++ 3 files changed, 24 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f0827939c0..abde1b3dc24 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,12 @@ # Changelog + +## Unreleased + +### Fixes + +- Crash when reading corrupted envelope () + ## 8.35.0 ### Features diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 521992499e1..2c98ec37526 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -208,6 +208,12 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (endOfEnvelope == i) { i++; // 0 byte attachment } + + if (data.length < (i+1+bodyLength)) { + SENTRY_LOG_DEBUG(@"Envelope is corrupted or has invalid data.") + return nil; + } + NSData *itemBody = [data subdataWithRange:NSMakeRange(i + 1, bodyLength)]; SentryEnvelopeItem *envelopeItem = [[SentryEnvelopeItem alloc] initWithHeader:itemHeader data:itemBody]; diff --git a/Tests/SentryTests/Helper/SentrySerializationTests.swift b/Tests/SentryTests/Helper/SentrySerializationTests.swift index b3d5fb5fec7..4105c9540bd 100644 --- a/Tests/SentryTests/Helper/SentrySerializationTests.swift +++ b/Tests/SentryTests/Helper/SentrySerializationTests.swift @@ -267,6 +267,17 @@ class SentrySerializationTests: XCTestCase { XCTAssertNil(actual) } + func testReturnNilForCorruptedEnvelope() throws { + let envelope = SentryEnvelope(event: Event(error: NSError(domain: "test", code: -1, userInfo: nil))) + let data = try XCTUnwrap(SentrySerialization.data(with: envelope)) + + let corruptedData = data[0.. Data { var serializedEnvelope: Data = Data() do { From c5212715feff81355a71ee62fad813dfc71b58d2 Mon Sep 17 00:00:00 2001 From: Sentry Github Bot Date: Mon, 26 Aug 2024 06:40:52 +0000 Subject: [PATCH 02/12] Format code --- Sources/Sentry/SentrySerialization.m | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 2c98ec37526..b9fca3b5e0b 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -208,12 +208,12 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (endOfEnvelope == i) { i++; // 0 byte attachment } - - if (data.length < (i+1+bodyLength)) { + + if (data.length < (i + 1 + bodyLength)) { SENTRY_LOG_DEBUG(@"Envelope is corrupted or has invalid data.") return nil; } - + NSData *itemBody = [data subdataWithRange:NSMakeRange(i + 1, bodyLength)]; SentryEnvelopeItem *envelopeItem = [[SentryEnvelopeItem alloc] initWithHeader:itemHeader data:itemBody]; From 24471d6f7abb78e20e8f4e0bd8502a4de4eb712a Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 08:55:46 +0200 Subject: [PATCH 03/12] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index abde1b3dc24..c6428aa58b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ ### Fixes -- Crash when reading corrupted envelope () +- Crash when reading corrupted envelope (#4297) ## 8.35.0 From 933bd94722bd13f5a5276f73de44d14053dcd802 Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 09:49:21 +0200 Subject: [PATCH 04/12] Update SentrySerialization.m --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index b9fca3b5e0b..5724424043c 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -210,7 +210,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data } if (data.length < (i + 1 + bodyLength)) { - SENTRY_LOG_DEBUG(@"Envelope is corrupted or has invalid data.") + SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li bytes by skiping %li from a buffer of %li bytes.", data.length, bodyLength, i + 1); return nil; } From 4c6ff5d2784a6750f0f397ef1b7e9ceef1868fcd Mon Sep 17 00:00:00 2001 From: Sentry Github Bot Date: Mon, 26 Aug 2024 07:50:19 +0000 Subject: [PATCH 05/12] Format code --- Sources/Sentry/SentrySerialization.m | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 5724424043c..2f055894044 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -210,7 +210,9 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data } if (data.length < (i + 1 + bodyLength)) { - SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li bytes by skiping %li from a buffer of %li bytes.", data.length, bodyLength, i + 1); + SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " + @"bytes by skiping %li from a buffer of %li bytes.", + data.length, bodyLength, i + 1); return nil; } From f3e19aa3c293ca44700734780e7d35885f02aff1 Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 11:19:06 +0200 Subject: [PATCH 06/12] Update SentrySerialization.m --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 2f055894044..d7747c0be5d 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -209,7 +209,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data i++; // 0 byte attachment } - if (data.length < (i + 1 + bodyLength)) { + if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", data.length, bodyLength, i + 1); From 9992e49692dfeb14b26a65ac0d05d9c9dde4145e Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 11:27:40 +0200 Subject: [PATCH 07/12] Update SentrySerialization.m --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index d7747c0be5d..9f385154523 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -212,7 +212,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", - data.length, bodyLength, i + 1); + (NSUInteger)data.length, bodyLength, i + 1); return nil; } From b5241b2ea369a65373c52fc6682a116b8434ab2d Mon Sep 17 00:00:00 2001 From: Sentry Github Bot Date: Mon, 26 Aug 2024 09:29:09 +0000 Subject: [PATCH 08/12] Format code --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 9f385154523..4ce9462a5f3 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -212,7 +212,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", - (NSUInteger)data.length, bodyLength, i + 1); + (NSUInteger)data.length, bodyLength, i + 1); return nil; } From 526ec4ef7a99e6c569bb49cd09d78176aede7ea1 Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 11:39:09 +0200 Subject: [PATCH 09/12] Update SentrySerialization.m --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 9f385154523..7bfc8746fe5 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -212,7 +212,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", - (NSUInteger)data.length, bodyLength, i + 1); + (unsigned long)data.length, bodyLength, i + 1); return nil; } From afef63340ebb2106fcd1d251f4d691f20c8976b1 Mon Sep 17 00:00:00 2001 From: Sentry Github Bot Date: Mon, 26 Aug 2024 09:40:30 +0000 Subject: [PATCH 10/12] Format code --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index 7bfc8746fe5..f03fa29b406 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -212,7 +212,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", - (unsigned long)data.length, bodyLength, i + 1); + (unsigned long)data.length, bodyLength, i + 1); return nil; } From e5a5038ede5a611650ff1e0da3b2184c91324937 Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 11:55:08 +0200 Subject: [PATCH 11/12] Update SentrySerialization.m --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index f03fa29b406..b6b45fdb86f 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -212,7 +212,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", - (unsigned long)data.length, bodyLength, i + 1); + (unsigned long)data.length, bodyLength, (long)(i + 1)); return nil; } From 8966958106eadab8b9da65baa5cd81a787af03f5 Mon Sep 17 00:00:00 2001 From: Dhiogo Brustolin Date: Mon, 26 Aug 2024 13:39:19 +0200 Subject: [PATCH 12/12] Update SentrySerialization.m --- Sources/Sentry/SentrySerialization.m | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Sources/Sentry/SentrySerialization.m b/Sources/Sentry/SentrySerialization.m index b6b45fdb86f..507490bf0d0 100644 --- a/Sources/Sentry/SentrySerialization.m +++ b/Sources/Sentry/SentrySerialization.m @@ -212,7 +212,7 @@ + (SentryEnvelope *_Nullable)envelopeWithData:(NSData *)data if (bodyLength > 0 && data.length < (i + 1 + bodyLength)) { SENTRY_LOG_ERROR(@"Envelope is corrupted or has invalid data. Trying to read %li " @"bytes by skiping %li from a buffer of %li bytes.", - (unsigned long)data.length, bodyLength, (long)(i + 1)); + (unsigned long)data.length, (unsigned long)bodyLength, (long)(i + 1)); return nil; }