Fix panic on bad length for SVCB record (#1467)

2021-04-20 23:56:52 -07:00 · 2021-04-20 23:56:52 -07:00 · bbc9d5e915
commit bbc9d5e915
parent e25bcf5c10
2 changed files with 25 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -24,6 +24,12 @@ All notes should be prepended with the location of the change, e.g. `(proto)` or

 - (proto) Panic when name exceeds maximal domain name length during display #1447

+## 0.20.2
+
+### Fixed
+
+- (proto) Panic on bad length in SVCB for record length #1465
+
 ## 0.20.1

 ### Added
--- a/crates/proto/src/rr/rdata/svcb.rs
+++ b/crates/proto/src/rr/rdata/svcb.rs
@ -1032,7 +1032,11 @@ pub fn read(decoder: &mut BinDecoder<'_>, rdata_length: Restrict<u16>) -> ProtoR
    let svc_priority = decoder.read_u16()?.unverified(/*any u16 is valid*/);
    let target_name = Name::read(decoder)?;

-    let mut remainder_len = rdata_length.map(|len| len as usize - (decoder.index() - start_index)).unverified(/*valid len*/);
+    let mut remainder_len = rdata_length
+        .map(|len| len as usize)
+        .checked_sub(decoder.index() - start_index)
+        .map_err(|len| format!("Bad length for RDATA of SVCB: {}", len))?
+        .unverified(); // valid len
    let mut svc_params: Vec<(SvcParamKey, SvcParamValue)> = Vec::new();

    // must have at least 4 bytes left for the key and the length
@ -1053,7 +1057,11 @@ pub fn read(decoder: &mut BinDecoder<'_>, rdata_length: Restrict<u16>) -> ProtoR
        }

        svc_params.push((key, value));
-        remainder_len = rdata_length.map(|len| len as usize - (decoder.index() - start_index)).unverified(/*valid len*/);
+        remainder_len = rdata_length
+            .map(|len| len as usize)
+            .checked_sub(decoder.index() - start_index)
+            .map_err(|len| format!("Bad length for RDATA of SVCB: {}", len))?
+            .unverified(); // valid len
    }

    Ok(SVCB {
@ -1211,4 +1219,13 @@ mod tests {
            ],
        ));
    }
+
+    #[test]
+    fn test_no_panic() {
+        const BUF: &[u8] = &[
+            255, 121, 0, 0, 0, 0, 40, 255, 255, 160, 160, 0, 0, 0, 64, 0, 1, 255, 158, 0, 0, 0, 8,
+            0, 0, 7, 7, 0, 0, 0, 0, 0, 0, 0,
+        ];
+        assert!(crate::op::Message::from_vec(&BUF).is_err());
+    }
 }