Commit 7d73f6a

better0fdeadoleg-jukovec
authored andcommitted
connection: fix svacer issue
Changed type of 'length' variable in 'read' function to avoid overflow when calculating it.
1 parent 36b05f6 commit 7d73f6a

1 file changed

+11
-6
lines changed

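--- a/connection.go
+++ b/connection.go
@@ -1158,7 +1158,7 @@ func (conn *Connection) timeouts() {
 }
 
 func read(r io.Reader, lenbuf []byte) (response []byte, err error) {
-var length int
+var length uint64
 
 if _, err = io.ReadFull(r, lenbuf); err != nil {
 return
@@ -1167,15 +1167,20 @@ func read(r io.Reader, lenbuf []byte) (response []byte, err error) {
 err = errors.New("wrong response header")
 return
 }
-length = (int(lenbuf[1]) << 24) +
-(int(lenbuf[2]) << 16) +
-(int(lenbuf[3]) << 8) +
-int(lenbuf[4])
+length = (uint64(lenbuf[1]) << 24) +
+(uint64(lenbuf[2]) << 16) +
+(uint64(lenbuf[3]) << 8) +
+uint64(lenbuf[4])
 
-if length == 0 {
+switch {
+case length == 0:
 err = errors.New("response should not be 0 length")
 return
+case length > math.MaxUint32:
+err = errors.New("response is too big")
+return
 }
+
 response = make([]byte, length)
 _, err = io.ReadFull(r, response)
 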
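Review bot: The new `case length > math.MaxUint32:` branch in the second hunk can never be taken, because `length` is assembled from exactly four bytes and so its maximum value is `math.MaxUint32` itself. The following `make([]byte, length)` therefore still allocates whatever size the peer's header declares, up to 4 GiB, before a single payload byte has arrived. On a 32-bit build a value above `math.MaxInt` would presumably still panic inside `make`. A bound that can actually trigger would help, for example `case length > maxResponseSize:` against a package-level limit (`maxResponseSize` is a placeholder name, not something on this page), or at minimum `case length > math.MaxInt:`. The body of `read` continues past the end of the hunk, and the lines between the two hunks are not shown, so this is based on the visible lines only.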