Skip to content

Commit

Permalink
Add more sanity checks on a new connection
Browse files Browse the repository at this point in the history
* If there is an incoming random message, where `CRC_ON_ENTIRE_MESSAGE`
flag is randomly set, NuRaft tries to read the entire message for CRC
check. That requires allocating a memory blob with the given size
(also a random number) which most likely causes problem.

* Added more sanity checks before the memory allocation.
  • Loading branch information
greensky00 committed May 15, 2024
1 parent 929132f commit dcff7c0
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 7 deletions.
2 changes: 1 addition & 1 deletion include/libnuraft/msg_type.hxx
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ enum msg_type {

inline bool ATTR_UNUSED is_valid_msg(msg_type type) {
if ( type >= request_vote_request &&
type <= other_response ) {
type <= custom_notification_response ) {
return true;
}
return false;
Expand Down
21 changes: 15 additions & 6 deletions src/asio_service.cxx
Original file line number Diff line number Diff line change
Expand Up @@ -47,11 +47,8 @@ limitations under the License.
#include <atomic>
#include <ctime>
#include <exception>
#include <fstream>
#include <list>
#include <queue>
#include <thread>
#include <regex>

#ifdef USE_BOOST_ASIO
using namespace boost;
Expand Down Expand Up @@ -382,9 +379,21 @@ class rpc_session
// byte marker = header_->get_byte();
h_bs.pos(0);
byte marker = h_bs.get_u8();
if (marker == 0x1) {
// Means that this is RPC_RESP, shouldn't happen.
p_er("Wrong packet: expected REQ, got RESP");
if (marker != 0x0) {
// Means that this is not RPC_REQ, shouldn't happen.
p_er("Wrong packet: expected REQ, got %u", marker);

if (impl_->get_options().corrupted_msg_handler_) {
impl_->get_options().corrupted_msg_handler_(header_, nullptr);
}

this->stop();
return;
}

msg_type m_type = (msg_type)h_bs.get_u8();
if (!is_valid_msg(m_type)) {
p_er("Wrong message type: got %u", (uint8_t)m_type);

if (impl_->get_options().corrupted_msg_handler_) {
impl_->get_options().corrupted_msg_handler_(header_, nullptr);
Expand Down

0 comments on commit dcff7c0

Please sign in to comment.