Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dgram: fix send with out of bounds offset + length #40568

Closed
wants to merge 3 commits into from
Closed

dgram: fix send with out of bounds offset + length #40568

wants to merge 3 commits into from

Conversation

Linkgoron
Copy link
Member

@Linkgoron Linkgoron commented Oct 22, 2021
edited
Loading

fix Socket.prototype.send sending garbage when the message is a string, and offset+length is out of bounds.

When a string message was sent with offset/length, the underlying buffer from Buffer.from was sent without checking the original string's length, and garbage was sent if length/offset were too long. Instead, the method now throws an ERR_OUT_OF_RANGE ERR_BUFFER_OUT_OF_BOUNDS error.

Edit:
Also added checks for Buffers

Fixes: #40491

@nodejs-github-bot nodejs-github-bot added dgram Issues and PRs related to the dgram subsystem / UDP. needs-ci PRs that need a full CI run. labels Oct 22, 2021
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/40407/

mscdex
mscdex reviewed Oct 22, 2021
View reviewed changes
lib/dgram.js Outdated Show resolved Hide resolved
@mscdex
Copy link
Contributor

mscdex commented Oct 22, 2021

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

@Linkgoron
Copy link
Member Author

Linkgoron commented Oct 22, 2021
edited
Loading

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

I think you're correct and that the following (for example) might show a similar error:

sock.send(Buffer.from('hello'), 3, 4);

Maybe I should add the check for all inputs.

@Linkgoron
Copy link
Member Author

Linkgoron commented Oct 22, 2021
edited
Loading

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

It looks like in addition to strings, checks for Buffers in general were missing, and I also found a minor edge case for DataView which uses data that it should not use (if byteOffset is used on the DataView, it still uses extra data in the buffer). I've used ERR_BUFFER_OUT_OF_BOUNDS in order to keep the Errors for the covered cases the same as they were in previous versions (instead of ERR_OUT_OF_RANGE).

@Linkgoron
dgram: fix send with out of bounds offset + length
63a0887 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: nodejs#40491
@github-actions github-actions bot mentioned this pull request Oct 23, 2021
Open
31 tasks
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/40409/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/40413/

@Mesteery Mesteery removed the needs-ci PRs that need a full CI run. label Oct 23, 2021
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/40422/

@github-actions github-actions bot mentioned this pull request Oct 24, 2021
Open
31 tasks
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/40448/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 24, 2021
edited by Linkgoron
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/40450/

@github-actions github-actions bot mentioned this pull request Oct 25, 2021
Open
24 tasks
@Linkgoron Linkgoron added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Oct 25, 2021
@VoltrexKeyva VoltrexKeyva added the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 25, 2021
@github-actions github-actions bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 25, 2021
@github-actions
Copy link
Contributor

Landed in 3b9044b...2413283

@github-actions github-actions bot closed this Oct 25, 2021
nodejs-github-bot pushed a commit that referenced this pull request Oct 25, 2021
@Linkgoron @nodejs-github-bot
dgram: fix send with out of bounds offset + length
2413283 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This was referenced Oct 26, 2021
Open
Open
Open
Open
targos pushed a commit that referenced this pull request Nov 6, 2021
@Linkgoron @targos
dgram: fix send with out of bounds offset + length
79bf429 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@targos targos mentioned this pull request Nov 8, 2021
Merged
BethGriggs pushed a commit that referenced this pull request Nov 25, 2021
@Linkgoron @BethGriggs
dgram: fix send with out of bounds offset + length
23d11a1 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@BethGriggs BethGriggs mentioned this pull request Nov 26, 2021
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mscdex mscdex mscdex left review comments

@cjihrig cjihrig cjihrig approved these changes

@benjamingr benjamingr benjamingr approved these changes

@jasnell jasnell jasnell approved these changes

Assignees
No one assigned
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. dgram Issues and PRs related to the dgram subsystem / UDP.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

UDP socket sends garbage when excess length is specified
8 participants
@Linkgoron @nodejs-github-bot @mscdex @jasnell @benjamingr @cjihrig @Mesteery @VoltrexKeyva