MaxPayload size is ignored #95

dgryski · 2015-08-02T07:02:56Z

The max_payload configuration option is ignored when parsing.

This opens up two DoS vectors that cause crashes in gnatsd.

PUB o 680444720440
produces the following panic() output:

panic: runtime error: makeslice: cap out of range

goroutine 9 [running]:
github.com/nats-io/gnatsd/server.(*client).parse(0xc820132000, 0xc82013c000, 0x13, 0x8000, 0x0, 0x0)
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/parser.go:630 +0x291
github.com/nats-io/gnatsd/server.(*client).readLoop(0xc820132000)
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/client.go:155 +0x194
created by github.com/nats-io/gnatsd/server.(*client).initClient
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/client.go:133 +0x782

and 2) PUB 0 8000000000

produces an out-of-memory error on the same line

The text was updated successfully, but these errors were encountered:

dgryski · 2015-08-02T07:07:10Z

This issue was found by https://github.com/dvyukov/go-fuzz testing server/parser.go using the existing tests as a seed corpus.

derekcollison · 2015-08-03T19:59:27Z

Nice! I have some time this week, will address. Appreciate the effort.

derekcollison · 2015-08-06T07:22:05Z

This is fixed with this commit, 075529e

derekcollison closed this as completed Aug 6, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

MaxPayload size is ignored #95

MaxPayload size is ignored #95

dgryski commented Aug 2, 2015

dgryski commented Aug 2, 2015

derekcollison commented Aug 3, 2015

derekcollison commented Aug 6, 2015

MaxPayload size is ignored #95

MaxPayload size is ignored #95

Comments

dgryski commented Aug 2, 2015

dgryski commented Aug 2, 2015

derekcollison commented Aug 3, 2015

derekcollison commented Aug 6, 2015