Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

MaxPayload size is ignored #95

Closed
dgryski opened this issue Aug 2, 2015 · 3 comments
Closed

MaxPayload size is ignored #95

dgryski opened this issue Aug 2, 2015 · 3 comments

Comments

@dgryski
Copy link

dgryski commented Aug 2, 2015

The max_payload configuration option is ignored when parsing.

This opens up two DoS vectors that cause crashes in gnatsd.

  1. PUB o 680444720440
    produces the following panic() output:
panic: runtime error: makeslice: cap out of range

goroutine 9 [running]:
github.com/nats-io/gnatsd/server.(*client).parse(0xc820132000, 0xc82013c000, 0x13, 0x8000, 0x0, 0x0)
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/parser.go:630 +0x291
github.com/nats-io/gnatsd/server.(*client).readLoop(0xc820132000)
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/client.go:155 +0x194
created by github.com/nats-io/gnatsd/server.(*client).initClient
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/client.go:133 +0x782

and 2) PUB 0 8000000000

produces an out-of-memory error on the same line

@dgryski
Copy link
Author

dgryski commented Aug 2, 2015

This issue was found by https://github.com/dvyukov/go-fuzz testing server/parser.go using the existing tests as a seed corpus.

@derekcollison
Copy link
Member

Nice! I have some time this week, will address. Appreciate the effort.

@derekcollison
Copy link
Member

This is fixed with this commit, 075529e

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants