Add length check for frames.

Author: jjeffcaii

rsocket-test/tests/test_composite_metadata.rs

@@ -1,9 +1,9 @@
-use bytes::BytesMut;
+use bytes::{BufMut, BytesMut};
 use rsocket_rust::extension::{self, CompositeMetadata, CompositeMetadataEntry, MimeType};
 use rsocket_rust::utils::Writeable;
 
 #[test]
-fn encode_and_decode_composite_metadata() {
+fn test_encode_and_decode() {
     let bingo = |metadatas: Vec<&CompositeMetadataEntry>| {
         assert_eq!(2, metadatas.len());
         assert_eq!(
@@ -29,3 +29,13 @@ fn encode_and_decode_composite_metadata() {
     let cm2 = CompositeMetadata::decode(&mut bf).unwrap();
     bingo(cm2.iter().collect());
 }
+
+#[test]
+fn test_bad() {
+    let mut bf = BytesMut::new();
+    bf.put_slice(b"must bad");
+    assert!(
+        CompositeMetadata::decode(&mut bf).is_err(),
+        "should be error"
+    )
+}

rsocket-test/tests/test_mimes.rs

@@ -2,6 +2,15 @@ extern crate rsocket_rust;
 
 use rsocket_rust::extension::{self, MimeType};
 
+#[test]
+fn test_from_str() {
+    let result = MimeType::from("foobar");
+    match result {
+        MimeType::WellKnown(_) => panic!("failed"),
+        MimeType::Normal(s) => assert_eq!(&s, "foobar"),
+    }
+}
+
 #[test]
 fn test_wellknown() {
     let well = MimeType::from("application/json");
@@ -10,3 +19,20 @@ fn test_wellknown() {
     let custom = MimeType::from("application/custom");
     assert_eq!(MimeType::Normal("application/custom".to_owned()), custom);
 }
+
+#[test]
+fn test_parse() {
+    assert!(MimeType::parse(0xFF).is_none(), "should be none");
+    for x in 0..0x29 {
+        assert!(MimeType::parse(x).is_some(), "should not be none");
+    }
+    for x in 0x29..0x7A {
+        assert!(MimeType::parse(x).is_none(), "should be none");
+    }
+    for x in 0x7A..0x80 {
+        assert!(MimeType::parse(x).is_some(), "should not be none");
+    }
+    for x in 0x80..0xFF {
+        assert!(MimeType::parse(x).is_none(), "should be none");
+    }
+}

rsocket/src/error.rs

@@ -19,6 +19,7 @@ pub enum ErrorKind {
     WithDescription(String),
     IO(io::Error),
     Cancelled(),
+    LengthTooShort(usize),
 }
 
 #[derive(Debug)]
@@ -35,6 +36,7 @@ impl fmt::Display for RSocketError {
             ErrorKind::WithDescription(s) => write!(f, "{}", s),
             ErrorKind::IO(e) => write!(f, "{}", e),
             ErrorKind::Cancelled() => write!(f, "ERROR(CANCELLED)"),
+            ErrorKind::LengthTooShort(n) => write!(f, "ERROR(MINIMAL LENGTH {})", n),
         }
     }
 }

rsocket/src/extension/mime.rs

@@ -16,9 +16,6 @@ lazy_static! {
         }
         m
     };
-}
-
-lazy_static! {
     static ref STR_TO_U8: HashMap<&'static str, u8> = {
         let mut m = HashMap::new();
         for it in list_all().iter() {
@@ -58,7 +55,7 @@ impl AsRef<str> for MimeType {
 
 impl From<&str> for MimeType {
     fn from(value: &str) -> MimeType {
-        match STR_TO_U8.get(&value) {
+        match STR_TO_U8.get(value) {
             Some(v) => Self::WellKnown(*v),
             None => Self::Normal(value.to_owned()),
         }

rsocket/src/frame/error.rs

@@ -1,3 +1,4 @@
+use super::utils::too_short;
 use super::{Body, Frame};
 use crate::utils::{RSocketResult, Writeable};
 use bytes::{Buf, BufMut, Bytes, BytesMut};
@@ -44,13 +45,17 @@ impl ErrorBuilder {
 
 impl Error {
     pub(crate) fn decode(flag: u16, bf: &mut BytesMut) -> RSocketResult<Error> {
-        let code = bf.get_u32();
-        let d: Option<Bytes> = if !bf.is_empty() {
-            Some(bf.to_bytes())
+        if bf.len() < 4 {
+            too_short(4)
         } else {
-            None
-        };
-        Ok(Error { code, data: d })
+            let code = bf.get_u32();
+            let data: Option<Bytes> = if !bf.is_empty() {
+                Some(bf.to_bytes())
+            } else {
+                None
+            };
+            Ok(Error { code, data })
+        }
     }
 
     pub fn builder(stream_id: u32, flag: u16) -> ErrorBuilder {

rsocket/src/frame/keepalive.rs

@@ -1,3 +1,4 @@
+use super::utils::too_short;
 use super::{Body, Frame};
 use crate::utils::{RSocketResult, Writeable};
 use bytes::{Buf, BufMut, Bytes, BytesMut};
@@ -43,14 +44,18 @@ impl KeepaliveBuilder {
 
 impl Keepalive {
     pub(crate) fn decode(flag: u16, bf: &mut BytesMut) -> RSocketResult<Keepalive> {
-        let position = bf.get_u64();
-        let mut d: Option<Bytes> = None;
-        if !bf.is_empty() {
-            d = Some(bf.to_bytes());
+        if bf.len() < 8 {
+            return too_short(8);
         }
+        let position = bf.get_u64();
+        let data = if bf.is_empty() {
+            None
+        } else {
+            Some(bf.to_bytes())
+        };
         Ok(Keepalive {
             last_received_position: position,
-            data: d,
+            data,
         })
     }
 

rsocket/src/frame/lease.rs

@@ -1,3 +1,4 @@
+use super::utils::too_short;
 use super::{Body, Frame};
 use crate::utils::{RSocketResult, Writeable};
 use bytes::{Buf, BufMut, Bytes, BytesMut};
@@ -51,6 +52,9 @@ impl LeaseBuilder {
 
 impl Lease {
     pub(crate) fn decode(flag: u16, bf: &mut BytesMut) -> RSocketResult<Lease> {
+        if bf.len() < 8 {
+            return too_short(8);
+        }
         let ttl = bf.get_u32();
         let n = bf.get_u32();
         let m = if flag & Frame::FLAG_METADATA != 0 {

rsocket/src/frame/mod.rs

@@ -1,4 +1,4 @@
-use crate::error::RSocketError;
+use crate::error::{ErrorKind, RSocketError};
 use crate::utils::{RSocketResult, Writeable};
 use bytes::{Buf, BufMut, Bytes, BytesMut};
 
@@ -145,7 +145,9 @@ impl Frame {
     }
 
     pub fn decode(b: &mut BytesMut) -> RSocketResult<Frame> {
-        // TODO: check size
+        if b.len() < LEN_HEADER {
+            return Err(ErrorKind::LengthTooShort(LEN_HEADER).into());
+        }
         let sid = b.get_u32();
         let n = b.get_u16();
         let (flag, kind) = (n & 0x03FF, (n & 0xFC00) >> 10);

rsocket/src/frame/payload.rs

@@ -1,3 +1,4 @@
+use super::utils::{read_payload, too_short};
 use super::{Body, Frame, PayloadSupport};
 use crate::utils::{RSocketResult, Writeable};
 use bytes::{BufMut, Bytes, BytesMut};
@@ -59,11 +60,7 @@ impl PayloadBuilder {
 
 impl Payload {
     pub(crate) fn decode(flag: u16, bf: &mut BytesMut) -> RSocketResult<Payload> {
-        let (m, d) = PayloadSupport::read(flag, bf);
-        Ok(Payload {
-            metadata: m,
-            data: d,
-        })
+        read_payload(flag, bf).map(|(metadata, data)| Payload { metadata, data })
     }
 
     pub fn builder(stream_id: u32, flag: u16) -> PayloadBuilder {

rsocket/src/frame/request_channel.rs

@@ -1,3 +1,4 @@
+use super::utils::{read_payload, too_short};
 use super::{Body, Frame, PayloadSupport, REQUEST_MAX};
 use crate::utils::{RSocketResult, Writeable};
 use bytes::{Buf, BufMut, Bytes, BytesMut};
@@ -66,13 +67,16 @@ impl RequestChannelBuilder {
 
 impl RequestChannel {
     pub(crate) fn decode(flag: u16, bf: &mut BytesMut) -> RSocketResult<RequestChannel> {
-        let n = bf.get_u32();
-        let (m, d) = PayloadSupport::read(flag, bf);
-        Ok(RequestChannel {
-            initial_request_n: n,
-            metadata: m,
-            data: d,
-        })
+        if bf.len() < 4 {
+            too_short(4)
+        } else {
+            let initial_request_n = bf.get_u32();
+            read_payload(flag, bf).map(move |(metadata, data)| RequestChannel {
+                initial_request_n,
+                metadata,
+                data,
+            })
+        }
     }
 
     pub fn builder(stream_id: u32, flag: u16) -> RequestChannelBuilder {