fix: flatbuffers offset overflow
Fix overflow panic when following the offset in malformed flatbuffers.

Refs nervosnetwork/cfb#15
doitian committed Apr 1, 2019
1 parent d1364d3 commit 1fe7e82
Showing 16 changed files with 680 additions and 885 deletions.
4 changes: 3 additions & 1 deletion Cargo.toml
Expand Up @@ -21,7 +21,9 @@ log = "0.4"
bytes = "0.4"
tokio-threadpool = "0.1"

flatbuffers = "0.5.0"
flatbuffers = { git = "https://github.com/google/flatbuffers", rev = "4f10da8d99c1a7bc8c9c7d06d2092a689f171d29" }
flatbuffers-verifier = { git = "https://github.com/nervosnetwork/cfb" }

multiaddr = { package = "parity-multiaddr", version = "0.2.0" }

[dev-dependencies]
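Review bot: `flatbuffers-verifier` is added as a git dependency with no `rev`, while the `flatbuffers` line directly above it is pinned to a commit; the same unpinned line is added in protocols/discovery/Cargo.toml. This crate supplies the `get_root` check that protocols/discovery/src/protocol.rs now imports, so the code that rejects malformed buffers follows whatever the default branch of nervosnetwork/cfb points to whenever the lockfile is regenerated or the crate is resolved without this repository's Cargo.lock. Pinning it the same way keeps the verifier reviewable and reproducible: `flatbuffers-verifier = { git = "https://github.com/nervosnetwork/cfb", rev = "<COMMIT_SHA_PLACEHOLDER>" }`.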
29 changes: 29 additions & 0 deletions Makefile
@@ -1,3 +1,15 @@
FLATC := flatc
CFBC := cfbc

FBS_FILES := \
src/protocol_select/protocol_select.fbs \
secio/src/handshake/handshake.fbs \
protocols/identify/src/protocol.fbs \
protocols/ping/src/protocol.fbs \
protocols/discovery/src/protocol.fbs

FLATC_RUST_FILES := $(patsubst %.fbs,%_generated.rs,${FBS_FILES})
FLATBUFFERS_VERIFIER_FILES := $(patsubst %.fbs,%_generated_verifier.rs,${FBS_FILES})

fmt:
cargo fmt --all -- --check
Expand All @@ -13,3 +25,20 @@ examples:

ci: fmt clippy test examples
git diff --exit-code Cargo.lock

%_generated_verifier.rs: %.fbs
$(FLATC) -b --schema -o $(shell dirname $@) $<
$(CFBC) -o $(shell dirname $@) $*.bfbs
rm -f $*_builder.rs $*.bfbs

%_generated.rs: %.fbs
$(FLATC) -r -o $(shell dirname $@) $<

gen-fb: $(FLATC_RUST_FILES) $(FLATBUFFERS_VERIFIER_FILES)

clean-fb:
rm -f $(FLATC_RUST_FILES) $(FLATBUFFERS_VERIFIER_FILES)



.PHONY: fmt clippy test examples ci gen-fb clean-fb
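Review bot: The `%_generated_verifier.rs` recipe runs three commands and nothing removes the target if `$(CFBC)` fails partway, so a truncated verifier file that is newer than its `.fbs` would be treated as up to date by the next `make gen-fb`; adding `.DELETE_ON_ERROR:` near the top of the Makefile covers both pattern rules. In that same failure case the `rm -f $*_builder.rs $*.bfbs` line is never reached, so the intermediate files stay in the source tree. Both rules can use `$(@D)` in place of `$(shell dirname $@)`, which avoids spawning an extra shell for each recipe line. `FLATC` and `CFBC` are resolved from PATH, so a comment above them such as `# flatc must be built from the flatbuffers rev pinned in Cargo.toml` would help keep the generated code and the runtime crate in step.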
5 changes: 3 additions & 2 deletions protocols/discovery/Cargo.toml
Expand Up @@ -21,7 +21,8 @@ serde = "1.0"
serde_derive = "1.0"
trust-dns = "0.15"
rand = "0.6.1"
flatbuffers = "0.5.0"
flatbuffers = { git = "https://github.com/google/flatbuffers", rev = "4f10da8d99c1a7bc8c9c7d06d2092a689f171d29" }
flatbuffers-verifier = { git = "https://github.com/nervosnetwork/cfb" }

[dev-dependencies]
env_logger = "0.6"
env_logger = "0.6"
12 changes: 5 additions & 7 deletions protocols/discovery/src/protocol.rs
Expand Up @@ -2,18 +2,16 @@ use std::io;

use bytes::{Bytes, BytesMut};
use flatbuffers::FlatBufferBuilder;
use flatbuffers_verifier::get_root;
use log::debug;
use p2p::multiaddr::Multiaddr;
use tokio::codec::length_delimited::LengthDelimitedCodec;
use tokio::codec::{Decoder, Encoder};

use crate::{
protocol_generated::p2p::discovery::{
BytesBuilder, DiscoveryMessage as FbsDiscoveryMessage, DiscoveryMessageBuilder,
DiscoveryPayload as FbsDiscoveryPayload, GetNodes as FbsGetNodes, GetNodesBuilder,
NodeBuilder, Nodes as FbsNodes, NodesBuilder,
},
protocol_generated_verifier::get_root,
use crate::protocol_generated::p2p::discovery::{
BytesBuilder, DiscoveryMessage as FbsDiscoveryMessage, DiscoveryMessageBuilder,
DiscoveryPayload as FbsDiscoveryPayload, GetNodes as FbsGetNodes, GetNodesBuilder, NodeBuilder,
Nodes as FbsNodes, NodesBuilder,
};

pub(crate) struct DiscoveryCodec {