gr1ffon/quic-go
1
0
Fork 0
forked from quic-go/quic-go
Code Pull Requests Activity

do some consistency checks before accessing slices in stream

Browse Source 
This is a workaround for the security part of #293.
This commit is contained in:
Lucas Clemente
2016-08-17 11:39:57 +02:00
parent 17add945e5
commit d93de7cfd0
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
stream.go
View File

@@ -1,6 +1,7 @@
package quic
import (
"fmt"
"io"
"sync"
"sync/atomic"
@@ -97,6 +98,13 @@ func (s *stream) Read(p []byte) (int, error) {
}
m := utils.Min(len(p)-bytesRead, int(frame.DataLen())-s.readPosInFrame)
if bytesRead > len(p) {
return bytesRead, fmt.Errorf("BUG: bytesRead (%d) > len(p) (%d) in stream.Read", bytesRead, len(p))
}
if s.readPosInFrame > int(frame.DataLen()) {
return bytesRead, fmt.Errorf("BUG: readPosInFrame (%d) > frame.DataLen (%d) in stream.Read", s.readPosInFrame, frame.DataLen())
}
copy(p[bytesRead:], frame.Data[s.readPosInFrame:])
s.readPosInFrame += m