go/common/cbor: Reject CBOR blobs with unknown fields

oasisprotocol · Jun 24, 2020 · f97a24c · f97a24c
1 parent 9dba6d1
commit f97a24c
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 6 deletions.
diff --git a/.changelog/2020.breaking.md b/.changelog/2020.breaking.md
@@ -0,0 +1 @@
+go/common/cbor: Reject CBOR blobs with unknown fields
diff --git a/go/common/cbor/cbor.go b/go/common/cbor/cbor.go
@@ -29,9 +29,10 @@ var (
 
 	// decOptions are decoding options for UNTRUSTED inputs (used by default).
 	decOptions = cbor.DecOptions{
-		DupMapKey:   cbor.DupMapKeyEnforcedAPF,
-		IndefLength: cbor.IndefLengthForbidden,
-		TagsMd:      cbor.TagsForbidden,
+		DupMapKey:         cbor.DupMapKeyEnforcedAPF,
+		IndefLength:       cbor.IndefLengthForbidden,
+		TagsMd:            cbor.TagsForbidden,
+		ExtraReturnErrors: cbor.ExtraDecErrorUnknownField,
 	}
 
 	// decOptionsTrusted are decoding options for TRUSTED inputs. They are only used when explicitly

diff --git a/go/common/cbor/cbor_test.go b/go/common/cbor/cbor_test.go
@@ -37,3 +37,28 @@ func TestEncoderDecoder(t *testing.T) {
 	require.NoError(err, "Decode")
 	require.EqualValues(42, x, "decoded value should be correct")
 }
+
+func TestDecodeUnknowField(t *testing.T) {
+	require := require.New(t)
+
+	type a struct {
+		A string
+	}
+	type b struct {
+		a
+		B string
+	}
+	raw := Marshal(&b{
+		a: a{
+			A: "Verily, no cyclone or whirlwind is Zarathustra:",
+		},
+		B: "and if he be a dancer, he is not at all a tarantula-dancer!",
+	})
+
+	var dec a
+	err := Unmarshal(raw, &dec)
+	require.Error(err, "unknown fields should fail")
+
+	err = UnmarshalTrusted(raw, &dec)
+	require.NoError(err, "unknown fields from trusted sources should pass")
+}
diff --git a/go/go.mod b/go/go.mod
@@ -22,7 +22,7 @@ require (
 	github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect
 	github.com/dgraph-io/badger/v2 v2.0.3
 	github.com/eapache/channels v1.1.0
-	github.com/fxamacker/cbor/v2 v2.2.0
+	github.com/fxamacker/cbor/v2 v2.2.1-0.20200526031912-58b82b5bfc05
 	github.com/go-kit/kit v0.10.0
 	github.com/golang/protobuf v1.4.0
 	github.com/golang/snappy v0.0.1

diff --git a/go/go.sum b/go/go.sum
@@ -210,8 +210,8 @@ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVB
 github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/fxamacker/cbor/v2 v2.2.0 h1:6eXqdDDe588rSYAi1HfZKbx6YYQO4mxQ9eC6xYpU/JQ=
-github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
+github.com/fxamacker/cbor/v2 v2.2.1-0.20200526031912-58b82b5bfc05 h1:yLgDT1nOw+JVlRVeMPkqzQZUu3Jgz0lN+1PeuS9TCaQ=
+github.com/fxamacker/cbor/v2 v2.2.1-0.20200526031912-58b82b5bfc05/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2 h1:Ujru1hufTHVb++eG6OuNDKMxZnGIvF6o/u8q/8h2+I4=
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		go/common/cbor: Reject CBOR blobs with unknown fields