Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request from GHSA-w3f6-pc54-gfw7
* Refactor HPACK integer decoding

  Motivation:

  The HPACK integer decoding used a number of unchecked operations which can trap on some inputs. Since it is network reachable code, it should throw errors if the operations overflow.

  Modifications:

  - Add a failure case to the fuzz testing
  - Refactor the integer decoding to check for overflow on the arithmetic
  - This throws a new 'HPACKErrors.UnrepresentableInteger' error on overflow
  - Add a missing bounds check
  - Remove an unnecessary and incorrect path
  - Remove the default argument from the function driving the decoding, the default was not valid and would cause an assertion to fail if used
  - Return the decoded value as an `Int` rather than a `UInt`
  - More tests

  Result:

  Integer decoding is safer.

* Use unchecked shifting
* Use truncatingIfNeeded
* make error internal
Showing 5 changed files with 148 additions and 62 deletions.
Binary file added (BIN, +109 Bytes): FuzzTesting/FailCases/clusterfuzz-testcase-minimized-ServerFuzzer-release-5635720084062208
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
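The overflow-checked decoding that the commit message describes, sketched in Swift as an added example: it is not the code from this commit, and the names `decodeHPACKInteger` and `IntegerDecodingError` are hypothetical. It follows the RFC 7541 §5.1 prefix-integer algorithm and throws, rather than trapping, on truncated input or on a value that does not fit in an `Int`.

```swift
// Added example with hypothetical names; not swift-nio-http2's implementation.
enum IntegerDecodingError: Error, Equatable {
    case insufficientInput        // input ended before the final 7-bit group
    case unrepresentableInteger   // value does not fit in an Int
}

/// Decodes an RFC 7541 §5.1 integer with an N-bit prefix from `bytes`.
/// Returns the value as `Int` plus the number of bytes consumed.
func decodeHPACKInteger(_ bytes: [UInt8], prefix: Int) throws -> (value: Int, consumed: Int) {
    precondition((1...8).contains(prefix), "prefix must be 1...8 bits")
    guard let first = bytes.first else { throw IntegerDecodingError.insufficientInput }

    // Keep only the low N bits; the bits above them are flags owned by the caller.
    let mask = (1 << prefix) - 1
    var value = Int(first) & mask
    if value < mask { return (value, 1) }   // value fits in the prefix

    var shift = 0
    var index = 1
    while true {
        // Bounds check: a set continuation bit does not prove another byte exists.
        guard index < bytes.count else { throw IntegerDecodingError.insufficientInput }
        let byte = bytes[index]
        index += 1

        // A 7-bit group shifted left by `shift` must stay below the sign bit.
        // This also bounds the loop for long runs of continuation bytes.
        guard shift <= Int.bitWidth - 8 else { throw IntegerDecodingError.unrepresentableInteger }
        let increment = Int(byte & 0x7f) &<< shift   // safe: shift was checked above

        let (sum, overflow) = value.addingReportingOverflow(increment)
        if overflow { throw IntegerDecodingError.unrepresentableInteger }
        value = sum

        if byte & 0x80 == 0 { return (value, index) }
        shift += 7
    }
}

// Constructed inputs. The first is the RFC 7541 C.1.2 encoding of 1337 (5-bit prefix);
// the second is a run of continuation bytes; the third ends mid-integer.
let samples: [([UInt8], Int)] = [
    ([0x1f, 0x9a, 0x0a], 5),
    ([UInt8](repeating: 0xff, count: 11), 8),
    ([0x1f, 0x9a], 5),
]
for (bytes, prefix) in samples {
    do { print(try decodeHPACKInteger(bytes, prefix: prefix)) } catch { print("error: \(error)") }
}
```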