add check for usize cast

2024-11-28 01:32:57 +01:00 · 2018-07-06 07:46:47 +06:00 · 2018-07-06 07:46:47 +06:00 · 7d96b92aa3
commit 7d96b92aa3
parent 080f232a0f
2 changed files with 58 additions and 54 deletions
--- a/src/ws/frame.rs
+++ b/src/ws/frame.rs
@ -94,9 +94,12 @@ impl Frame {
                Async::Ready(None) => return Ok(Async::Ready(None)),
                Async::NotReady => return Ok(Async::NotReady),
            };
-            let len = NetworkEndian::read_uint(&buf[idx..], 8) as usize;
+            let len = NetworkEndian::read_uint(&buf[idx..], 8);
+            if len > max_size as u64 {
+                return Err(ProtocolError::Overflow);
+            }
            idx += 8;
-            len
+            len as usize
        } else {
            len as usize
        };
@ -165,9 +168,12 @@ impl Frame {
            if chunk_len < 10 {
                return Ok(Async::NotReady);
            }
-            let len = NetworkEndian::read_uint(&chunk[idx..], 8) as usize;
+            let len = NetworkEndian::read_uint(&chunk[idx..], 8);
+            if len > max_size as u64 {
+                return Err(ProtocolError::Overflow);
+            }
            idx += 8;
-            len
+            len as usize
        } else {
            len as usize
        };
@ -255,6 +261,8 @@ impl Frame {

        // unmask
        if let Some(mask) = mask {
+            // Unsafe: request body stream is owned by WsStream. only one ref to
+            // bytes exists. Bytes object get freezed in continuous non-overlapping blocks
            let p: &mut [u8] = unsafe {
                let ptr: &[u8] = &data;
                &mut *(ptr as *const _ as *mut _)
@ -272,7 +280,7 @@ impl Frame {
    /// Parse the payload of a close frame.
    pub fn parse_close_payload(payload: &Binary) -> Option<CloseReason> {
        if payload.len() >= 2 {
-            let raw_code = NetworkEndian::read_uint(payload.as_ref(), 2) as u16;
+            let raw_code = NetworkEndian::read_u16(payload.as_ref());
            let code = CloseCode::from(raw_code);
            let description = if payload.len() > 2 {
                Some(String::from_utf8_lossy(&payload.as_ref()[2..]).into())
--- a/src/ws/mask.rs
+++ b/src/ws/mask.rs
@ -4,18 +4,13 @@ use std::cmp::min;
 use std::mem::uninitialized;
 use std::ptr::copy_nonoverlapping;

-/// Mask/unmask a frame.
-#[inline]
-pub fn apply_mask(buf: &mut [u8], mask: u32) {
-    unsafe { apply_mask_fast32(buf, mask) }
-}
-
 /// Faster version of `apply_mask()` which operates on 8-byte blocks.
 ///
 /// unsafe because uses pointer math and bit operations for performance
 #[inline]
 #[cfg_attr(feature = "cargo-clippy", allow(cast_lossless))]
-unsafe fn apply_mask_fast32(buf: &mut [u8], mask_u32: u32) {
+pub(crate) fn apply_mask(buf: &mut [u8], mask_u32: u32) {
+    unsafe {
        let mut ptr = buf.as_mut_ptr();
        let mut len = buf.len();

@ -74,6 +69,7 @@ unsafe fn apply_mask_fast32(buf: &mut [u8], mask_u32: u32) {
            xor_mem(ptr, mask_u32, len);
        }
    }
+}

 #[inline]
 // TODO: copy_nonoverlapping here compiles to call memcpy. While it is not so