cbor: add range checks for ints

polydawn · Apr 6, 2018 · cc03af5 · cc03af5
1 parent 9ba4022
commit cc03af5
Showing 1 changed file with 15 additions and 3 deletions.
diff --git a/cbor/cborDecoderTerminals.go b/cbor/cborDecoderTerminals.go
@@ -2,10 +2,16 @@ package cbor
 
 import (
 	"encoding/binary"
+	"errors"
 	"fmt"
 	"math"
 )
 
+const (
+	maxUint = ^uint(0)
+	maxInt  = int(maxUint >> 1)
+)
+
 func (d *Decoder) decodeFloat(majorByte byte) (f float64, err error) {
 	var bs []byte
 	switch majorByte {
@@ -66,8 +72,12 @@ func (d *Decoder) decodeNegInt(majorByte byte) (i int64, err error) {
 	if err != nil {
 		return 0, err
 	}
-	// TODO needs overflow check
-	return -1 - int64(ui), nil
+	pos := ui + 1
+	if pos > uint64(-math.MinInt64) {
+		return -1, errors.New("cbor: negative integer out of rage of int64 type")
+	}
+
+	return -int64(pos), nil
 }
 
 // Decode expecting a positive integer.
@@ -80,7 +90,9 @@ func (d *Decoder) decodeLen(majorByte byte) (i int, err error) {
 	if err != nil {
 		return 0, err
 	}
-	// TODO needs overflow check
+	if ui > uint64(maxInt) {
+		return 0, errors.New("cbor: positive integer is out of length")
+	}
 	return int(ui), nil
 }