Fix underflow on array and binary deserialization
Closes #243
gperinazzo committed Mar 22, 2021
1 parent b069ef5 commit 4b7c046
Showing 1 changed file with 15 additions and 0 deletions.
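--- a/src/de/mod.rs
+++ b/src/de/mod.rs
@@ -176,6 +176,13 @@ fn deserialize_array<R: Read + ?Sized>(reader: &mut R, utf8_lossy: bool) -> Resu
 let mut arr = Array::new();
 let length = read_i32(reader)?;
 
+if !(MIN_BSON_DOCUMENT_SIZE..=MAX_BSON_SIZE).contains(&length) {
+return Err(Error::invalid_length(
+length as usize,
+&format!("array length must be between {} and {}", MIN_BSON_DOCUMENT_SIZE, MAX_BSON_SIZE).as_str(),
+));
+}
+
 ensure_read_exactly(
 reader,
 (length as usize) - 4,
@@ -224,6 +231,14 @@ pub(crate) fn deserialize_bson_kvp<R: Read + ?Sized>(
 if let BinarySubtype::BinaryOld = subtype {
 let data_len = read_i32(reader)?;
 
+if !(0..=(MAX_BSON_SIZE - 4)).contains(&data_len) {
+return Err(Error::invalid_length(
+data_len as usize,
+&format!("0x02 length must be between 0 and {}", MAX_BSON_SIZE - 4).as_str(),
+));
+
+}
+
 if data_len + 4 != len {
 return Err(Error::invalid_length(
 data_len as usize,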
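Review bot: Both new range checks hand the rejected value to `Error::invalid_length` through an `as usize` cast (`length as usize` in `deserialize_array`, `data_len as usize` in the `BinaryOld` branch), so a negative `i32`, which is exactly the input these guards exist to reject, wraps to a very large unsigned number in the error. Anyone triaging a malformed or hostile document then sees a length that was never in the input. Consider carrying the signed value in the message instead, e.g. `&format!("array length {} must be between {} and {}", length, MIN_BSON_DOCUMENT_SIZE, MAX_BSON_SIZE).as_str()`, and add a regression test that feeds a negative and an undersized length to both paths, since the commit changes only `src/de/mod.rs`. Both function bodies continue outside the hunks, so whether `len` itself is bounded before the `data_len + 4 != len` comparison cannot be confirmed from here.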
