Skip to content

dgram: fix send with out of bounds offset + length #40568

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

dgram: fix send with out of bounds offset + length #40568

wants to merge 3 commits into from

Conversation

@Linkgoron
Copy link
Contributor

@Linkgoron Linkgoron commented Oct 22, 2021
edited
Loading

fix Socket.prototype.send sending garbage when the message is a string, and offset+length is out of bounds.

When a string message was sent with offset/length, the underlying buffer from Buffer.from was sent without checking the original string's length, and garbage was sent if length/offset were too long. Instead, the method now throws an ERR_OUT_OF_RANGE ERR_BUFFER_OUT_OF_BOUNDS error.

Edit:
Also added checks for Buffers

Fixes: #40491

@nodejs-github-bot nodejs-github-bot added dgram Issues and PRs related to the dgram subsystem / UDP. needs-ci PRs that need a full CI run. labels Oct 22, 2021
@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 4e3776a to 6b2f4fc Compare October 22, 2021 17:15
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 22, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/40407/

mscdex
mscdex reviewed Oct 22, 2021
View reviewed changes
@mscdex
Copy link
Contributor

mscdex commented Oct 22, 2021

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

@Linkgoron
Copy link
Contributor Author

Linkgoron commented Oct 22, 2021
edited
Loading

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

I think you're correct and that the following (for example) might show a similar error:

sock.send(Buffer.from('hello'), 3, 4);

Maybe I should add the check for all inputs.

@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 6b2f4fc to 3fdfdac Compare October 22, 2021 21:08
@Linkgoron
Copy link
Contributor Author

Linkgoron commented Oct 22, 2021
edited
Loading

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

It looks like in addition to strings, checks for Buffers in general were missing, and I also found a minor edge case for DataView which uses data that it should not use (if byteOffset is used on the DataView, it still uses extra data in the buffer). I've used ERR_BUFFER_OUT_OF_BOUNDS in order to keep the Errors for the covered cases the same as they were in previous versions (instead of ERR_OUT_OF_RANGE).

@Linkgoron
dgram: fix send with out of bounds offset + length
63a0887 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: nodejs#40491
@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 3fdfdac to 63a0887 Compare October 22, 2021 21:15
@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 3b23094 to b392a94 Compare October 22, 2021 22:06
@github-actions github-actions bot mentioned this pull request Oct 23, 2021
Open
31 tasks
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 23, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/40409/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 23, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/40413/

@Mesteery Mesteery removed the needs-ci PRs that need a full CI run. label Oct 23, 2021
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 23, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/40422/

@github-actions github-actions bot mentioned this pull request Oct 24, 2021
Open
31 tasks
@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from dcde72f to c829552 Compare October 24, 2021 16:40
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 24, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/40448/

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 24, 2021
edited by Linkgoron
Loading

CI: https://ci.nodejs.org/job/node-test-pull-request/40450/

@github-actions github-actions bot mentioned this pull request Oct 25, 2021
Open
24 tasks
@Linkgoron Linkgoron added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Oct 25, 2021
@VoltrexKeyva VoltrexKeyva added the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 25, 2021
@github-actions github-actions bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 25, 2021
@github-actions
Copy link
Contributor

github-actions bot commented Oct 25, 2021

Landed in 3b9044b...2413283

@github-actions github-actions bot closed this Oct 25, 2021
nodejs-github-bot pushed a commit that referenced this pull request Oct 25, 2021
@Linkgoron @nodejs-github-bot
dgram: fix send with out of bounds offset + length
2413283 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This was referenced Oct 26, 2021
Open
Open
Open
Open
targos pushed a commit that referenced this pull request Nov 6, 2021
@Linkgoron @targos
dgram: fix send with out of bounds offset + length
79bf429 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@targos targos mentioned this pull request Nov 8, 2021
Merged
BethGriggs pushed a commit that referenced this pull request Nov 25, 2021
@Linkgoron @BethGriggs
dgram: fix send with out of bounds offset + length
23d11a1 
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@BethGriggs BethGriggs mentioned this pull request Nov 26, 2021
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@benjamingr benjamingr benjamingr approved these changes

@cjihrig cjihrig cjihrig approved these changes

+1 more reviewer

@mscdex mscdex mscdex left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. dgram Issues and PRs related to the dgram subsystem / UDP.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

UDP socket sends garbage when excess length is specified

8 participants

@Linkgoron @nodejs-github-bot @mscdex @jasnell @benjamingr @cjihrig @Mesteery @VoltrexKeyva