Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dgram: fix send with out of bounds offset + length #40568

Closed
wants to merge 3 commits into from

Conversation

Linkgoron
Copy link
Member

@Linkgoron Linkgoron commented Oct 22, 2021

fix Socket.prototype.send sending garbage when the message is a string, and offset+length is out of bounds.

When a string message was sent with offset/length, the underlying buffer from Buffer.from was sent without checking the original string's length, and garbage was sent if length/offset were too long. Instead, the method now throws an ERR_OUT_OF_RANGE ERR_BUFFER_OUT_OF_BOUNDS error.

Edit:
Also added checks for Buffers

Fixes: #40491

@nodejs-github-bot nodejs-github-bot added dgram Issues and PRs related to the dgram subsystem / UDP. needs-ci PRs that need a full CI run. labels Oct 22, 2021
@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 4e3776a to 6b2f4fc Compare October 22, 2021 17:15
@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot

This comment has been minimized.

@nodejs-github-bot
Copy link
Collaborator

lib/dgram.js Outdated Show resolved Hide resolved
@mscdex
Copy link
Contributor

mscdex commented Oct 22, 2021

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

@Linkgoron
Copy link
Member Author

Linkgoron commented Oct 22, 2021

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

I think you're correct and that the following (for example) might show a similar error:

sock.send(Buffer.from('hello'), 3, 4);

Maybe I should add the check for all inputs.

@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 6b2f4fc to 3fdfdac Compare October 22, 2021 21:08
@Linkgoron
Copy link
Member Author

Linkgoron commented Oct 22, 2021

Do we need to do the same checks for non-strings as well? The same test file verifies errors are thrown for some ranges, but I'm not sure if it covers all cases.

It looks like in addition to strings, checks for Buffers in general were missing, and I also found a minor edge case for DataView which uses data that it should not use (if byteOffset is used on the DataView, it still uses extra data in the buffer). I've used ERR_BUFFER_OUT_OF_BOUNDS in order to keep the Errors for the covered cases the same as they were in previous versions (instead of ERR_OUT_OF_RANGE).

fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: nodejs#40491
@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from 3fdfdac to 63a0887 Compare October 22, 2021 21:15
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

@Mesteery Mesteery removed the needs-ci PRs that need a full CI run. label Oct 23, 2021
@nodejs-github-bot
Copy link
Collaborator

@Linkgoron Linkgoron force-pushed the dgram-fix-str-with-len branch from dcde72f to c829552 Compare October 24, 2021 16:40
@nodejs-github-bot
Copy link
Collaborator

@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Oct 24, 2021

@Linkgoron Linkgoron added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Oct 25, 2021
@VoltrexKeyva VoltrexKeyva added the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 25, 2021
@github-actions github-actions bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Oct 25, 2021
@github-actions
Copy link
Contributor

Landed in 3b9044b...2413283

@github-actions github-actions bot closed this Oct 25, 2021
nodejs-github-bot pushed a commit that referenced this pull request Oct 25, 2021
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
targos pushed a commit that referenced this pull request Nov 6, 2021
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@targos targos mentioned this pull request Nov 8, 2021
BethGriggs pushed a commit that referenced this pull request Nov 25, 2021
fix Socket.prototype.send sending garbage when the message is a string,
or Buffer and offset+length is out of bounds.

Fixes: #40491

PR-URL: #40568
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@BethGriggs BethGriggs mentioned this pull request Nov 26, 2021
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. dgram Issues and PRs related to the dgram subsystem / UDP.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

UDP socket sends garbage when excess length is specified
8 participants