mudhorn/prometheus
1
0
Fork 0
mirror of https://github.com/prometheus/prometheus.git synced 2025-03-05 20:59:13 -08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

storage: Verify validity of byte length when unmarshalling (double)delta chunks

Browse source 
This makes sure a division-by-zero crash cannot happen in the Len()
method.

Fixes #2773
This commit is contained in:
beorn7 2016-12-13 16:51:02 +01:00
parent e714079cf2
commit 485ac8dff7
3 changed files with 60 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
storage/local/chunk/delta.go
View file

@ -238,27 +238,36 @@ func (c *deltaEncodedChunk) Unmarshal(r io.Reader) error {
if _, err := io.ReadFull(r, *c); err != nil { if _, err := io.ReadFull(r, *c); err != nil {
return err return err
} }
l := binary.LittleEndian.Uint16((*c)[deltaHeaderBufLenOffset:]) return c.setLen()
if int(l) > cap(*c) {
return fmt.Errorf("chunk length exceeded during unmarshaling: %d", l)
}
if int(l) < deltaHeaderBytes {
return fmt.Errorf("chunk length less than header size: %d < %d", l, deltaHeaderBytes)
}
*c = (*c)[:l]
return nil
} }
// UnmarshalFromBuf implements chunk. // UnmarshalFromBuf implements chunk.
func (c *deltaEncodedChunk) UnmarshalFromBuf(buf []byte) error { func (c *deltaEncodedChunk) UnmarshalFromBuf(buf []byte) error {
*c = (*c)[:cap(*c)] *c = (*c)[:cap(*c)]
copy(*c, buf) copy(*c, buf)
return c.setLen()
}
// setLen sets the length of the underlying slice and performs some sanity checks.
func (c *deltaEncodedChunk) setLen() error {
l := binary.LittleEndian.Uint16((*c)[deltaHeaderBufLenOffset:]) l := binary.LittleEndian.Uint16((*c)[deltaHeaderBufLenOffset:])
if int(l) > cap(*c) { if int(l) > cap(*c) {
return fmt.Errorf("chunk length exceeded during unmarshaling: %d", l) return fmt.Errorf("delta chunk length exceeded during unmarshaling: %d", l)
} }
if int(l) < deltaHeaderBytes { if int(l) < deltaHeaderBytes {
return fmt.Errorf("chunk length less than header size: %d < %d", l, deltaHeaderBytes) return fmt.Errorf("delta chunk length less than header size: %d < %d", l, deltaHeaderBytes)
}
switch c.timeBytes() {
case d1, d2, d4, d8:
// Pass.
default:
return fmt.Errorf("invalid number of time bytes in delta chunk: %d", c.timeBytes())
}
switch c.valueBytes() {
case d0, d1, d2, d4, d8:
// Pass.
default:
return fmt.Errorf("invalid number of value bytes in delta chunk: %d", c.valueBytes())
} }
*c = (*c)[:l] *c = (*c)[:l]
return nil return nil

27
storage/local/chunk/delta_test.go
View file

@ -32,21 +32,20 @@ func TestUnmarshalingCorruptedDeltaReturnsAnError(t *testing.T) {
err error, err error,
chunkTypeName string, chunkTypeName string,
unmarshalMethod string, unmarshalMethod string,
badLen int) { expectedStr string,
) {
if err == nil { if err == nil {
t.Errorf("Failed to obtain an error when unmarshalling %s (from %s) with corrupt length of %d", chunkTypeName, unmarshalMethod, badLen) t.Errorf("Failed to obtain an error when unmarshalling corrupt %s (from %s)", chunkTypeName, unmarshalMethod)
return return
} }
expectedStr := "header size"
if !strings.Contains(err.Error(), expectedStr) { if !strings.Contains(err.Error(), expectedStr) {
t.Errorf( t.Errorf(
"'%s' not present in error when unmarshalling %s (from %s) with corrupt length %d: '%s'", "'%s' not present in error when unmarshalling corrupt %s (from %s): '%s'",
expectedStr, expectedStr,
chunkTypeName, chunkTypeName,
unmarshalMethod, unmarshalMethod,
badLen,
err.Error()) err.Error())
} }
} }
@ -56,6 +55,7 @@ func TestUnmarshalingCorruptedDeltaReturnsAnError(t *testing.T) {
chunkConstructor func(deltaBytes, deltaBytes, bool, int) Chunk chunkConstructor func(deltaBytes, deltaBytes, bool, int) Chunk
minHeaderLen int minHeaderLen int
chunkLenPos int chunkLenPos int
timeBytesPos int
}{ }{
{ {
chunkTypeName: "deltaEncodedChunk", chunkTypeName: "deltaEncodedChunk",
@ -64,6 +64,7 @@ func TestUnmarshalingCorruptedDeltaReturnsAnError(t *testing.T) {
}, },
minHeaderLen: deltaHeaderBytes, minHeaderLen: deltaHeaderBytes,
chunkLenPos: deltaHeaderBufLenOffset, chunkLenPos: deltaHeaderBufLenOffset,
timeBytesPos: deltaHeaderTimeBytesOffset,
}, },
{ {
chunkTypeName: "doubleDeltaEncodedChunk", chunkTypeName: "doubleDeltaEncodedChunk",
@ -72,6 +73,7 @@ func TestUnmarshalingCorruptedDeltaReturnsAnError(t *testing.T) {
}, },
minHeaderLen: doubleDeltaHeaderMinBytes, minHeaderLen: doubleDeltaHeaderMinBytes,
chunkLenPos: doubleDeltaHeaderBufLenOffset, chunkLenPos: doubleDeltaHeaderBufLenOffset,
timeBytesPos: doubleDeltaHeaderTimeBytesOffset,
}, },
} }
for _, c := range cases { for _, c := range cases {
@ -89,15 +91,26 @@ func TestUnmarshalingCorruptedDeltaReturnsAnError(t *testing.T) {
cs[0].MarshalToBuf(buf) cs[0].MarshalToBuf(buf)
// Corrupt time byte to 0, which is illegal.
buf[c.timeBytesPos] = 0
err = cs[0].UnmarshalFromBuf(buf)
verifyUnmarshallingError(err, c.chunkTypeName, "buf", "invalid number of time bytes")
err = cs[0].Unmarshal(bytes.NewBuffer(buf))
verifyUnmarshallingError(err, c.chunkTypeName, "Reader", "invalid number of time bytes")
// Fix the corruption to go on.
buf[c.timeBytesPos] = byte(d1)
// Corrupt the length to be every possible too-small value // Corrupt the length to be every possible too-small value
for i := 0; i < c.minHeaderLen; i++ { for i := 0; i < c.minHeaderLen; i++ {
binary.LittleEndian.PutUint16(buf[c.chunkLenPos:], uint16(i)) binary.LittleEndian.PutUint16(buf[c.chunkLenPos:], uint16(i))
err = cs[0].UnmarshalFromBuf(buf) err = cs[0].UnmarshalFromBuf(buf)
verifyUnmarshallingError(err, c.chunkTypeName, "buf", i) verifyUnmarshallingError(err, c.chunkTypeName, "buf", "header size")
err = cs[0].Unmarshal(bytes.NewBuffer(buf)) err = cs[0].Unmarshal(bytes.NewBuffer(buf))
verifyUnmarshallingError(err, c.chunkTypeName, "Reader", i) verifyUnmarshallingError(err, c.chunkTypeName, "Reader", "header size")
} }
} }
} }

32
storage/local/chunk/doubledelta.go
View file

@ -247,28 +247,36 @@ func (c *doubleDeltaEncodedChunk) Unmarshal(r io.Reader) error {
if _, err := io.ReadFull(r, *c); err != nil { if _, err := io.ReadFull(r, *c); err != nil {
return err return err
} }
l := binary.LittleEndian.Uint16((*c)[doubleDeltaHeaderBufLenOffset:]) return c.setLen()
if int(l) > cap(*c) {
return fmt.Errorf("chunk length exceeded during unmarshaling: %d", l)
}
if int(l) < doubleDeltaHeaderMinBytes {
return fmt.Errorf("chunk length less than header size: %d < %d", l, doubleDeltaHeaderMinBytes)
}
*c = (*c)[:l]
return nil
} }
// UnmarshalFromBuf implements chunk. // UnmarshalFromBuf implements chunk.
func (c *doubleDeltaEncodedChunk) UnmarshalFromBuf(buf []byte) error { func (c *doubleDeltaEncodedChunk) UnmarshalFromBuf(buf []byte) error {
*c = (*c)[:cap(*c)] *c = (*c)[:cap(*c)]
copy(*c, buf) copy(*c, buf)
return c.setLen()
}
// setLen sets the length of the underlying slice and performs some sanity checks.
func (c *doubleDeltaEncodedChunk) setLen() error {
l := binary.LittleEndian.Uint16((*c)[doubleDeltaHeaderBufLenOffset:]) l := binary.LittleEndian.Uint16((*c)[doubleDeltaHeaderBufLenOffset:])
if int(l) > cap(*c) { if int(l) > cap(*c) {
return fmt.Errorf("chunk length exceeded during unmarshaling: %d", l) return fmt.Errorf("doubledelta chunk length exceeded during unmarshaling: %d", l)
} }
if int(l) < doubleDeltaHeaderMinBytes { if int(l) < doubleDeltaHeaderMinBytes {
return fmt.Errorf("chunk length less than header size: %d < %d", l, doubleDeltaHeaderMinBytes) return fmt.Errorf("doubledelta chunk length less than header size: %d < %d", l, doubleDeltaHeaderMinBytes)
}
switch c.timeBytes() {
case d1, d2, d4, d8:
// Pass.
default:
return fmt.Errorf("invalid number of time bytes in doubledelta chunk: %d", c.timeBytes())
}
switch c.valueBytes() {
case d0, d1, d2, d4, d8:
// Pass.
default:
return fmt.Errorf("invalid number of value bytes in doubledelta chunk: %d", c.valueBytes())
} }
*c = (*c)[:l] *c = (*c)[:l]
return nil return nil