diff --git a/.changelog/2020.breaking.md b/.changelog/2020.breaking.md new file mode 100644 index 00000000000..5bd3f38b63f --- /dev/null +++ b/.changelog/2020.breaking.md @@ -0,0 +1 @@ +go/common/cbor: Reject CBOR blobs with unknown fields diff --git a/go/common/cbor/cbor.go b/go/common/cbor/cbor.go index 18830c7bd45..4e55364d3a9 100644 --- a/go/common/cbor/cbor.go +++ b/go/common/cbor/cbor.go @@ -29,9 +29,10 @@ var ( // decOptions are decoding options for UNTRUSTED inputs (used by default). decOptions = cbor.DecOptions{ - DupMapKey: cbor.DupMapKeyEnforcedAPF, - IndefLength: cbor.IndefLengthForbidden, - TagsMd: cbor.TagsForbidden, + DupMapKey: cbor.DupMapKeyEnforcedAPF, + IndefLength: cbor.IndefLengthForbidden, + TagsMd: cbor.TagsForbidden, + ExtraReturnErrors: cbor.ExtraDecErrorUnknownField, } // decOptionsTrusted are decoding options for TRUSTED inputs. They are only used when explicitly diff --git a/go/common/cbor/cbor_test.go b/go/common/cbor/cbor_test.go index a626978c67a..4ea2c2864e1 100644 --- a/go/common/cbor/cbor_test.go +++ b/go/common/cbor/cbor_test.go @@ -37,3 +37,28 @@ func TestEncoderDecoder(t *testing.T) { require.NoError(err, "Decode") require.EqualValues(42, x, "decoded value should be correct") } + +func TestDecodeUnknowField(t *testing.T) { + require := require.New(t) + + type a struct { + A string + } + type b struct { + a + B string + } + raw := Marshal(&b{ + a: a{ + A: "Verily, no cyclone or whirlwind is Zarathustra:", + }, + B: "and if he be a dancer, he is not at all a tarantula-dancer!", + }) + + var dec a + err := Unmarshal(raw, &dec) + require.Error(err, "unknown fields should fail") + + err = UnmarshalTrusted(raw, &dec) + require.NoError(err, "unknown fields from trusted sources should pass") +} diff --git a/go/go.mod b/go/go.mod index 6ecfbdd40ad..1a7bf5f9d4f 100644 --- a/go/go.mod +++ b/go/go.mod @@ -22,7 +22,7 @@ require ( github.com/davidlazar/go-crypto v0.0.0-20200604182044-b73af7476f6c // indirect github.com/dgraph-io/badger/v2 v2.0.3 github.com/eapache/channels v1.1.0 - github.com/fxamacker/cbor/v2 v2.2.0 + github.com/fxamacker/cbor/v2 v2.2.1-0.20200526031912-58b82b5bfc05 github.com/go-kit/kit v0.10.0 github.com/golang/protobuf v1.4.0 github.com/golang/snappy v0.0.1 diff --git a/go/go.sum b/go/go.sum index 0c10a200f63..4fa3cef2fe3 100644 --- a/go/go.sum +++ b/go/go.sum @@ -210,8 +210,8 @@ github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVB github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= -github.com/fxamacker/cbor/v2 v2.2.0 h1:6eXqdDDe588rSYAi1HfZKbx6YYQO4mxQ9eC6xYpU/JQ= -github.com/fxamacker/cbor/v2 v2.2.0/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= +github.com/fxamacker/cbor/v2 v2.2.1-0.20200526031912-58b82b5bfc05 h1:yLgDT1nOw+JVlRVeMPkqzQZUu3Jgz0lN+1PeuS9TCaQ= +github.com/fxamacker/cbor/v2 v2.2.1-0.20200526031912-58b82b5bfc05/go.mod h1:TA1xS00nchWmaBnEIxPSE5oHLuJBAVvqrtAnWBwBCVo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/glycerine/go-unsnap-stream v0.0.0-20181221182339-f9677308dec2 h1:Ujru1hufTHVb++eG6OuNDKMxZnGIvF6o/u8q/8h2+I4=