nats-io/nats-server

MaxPayload size is ignored

dgryski opened this issue · 3 comments

The max_payload configuration option is ignored when parsing.

This opens up two DoS vectors that cause crashes in gnatsd.

  1. PUB o 680444720440
     produces the following panic() output:

```
panic: runtime error: makeslice: cap out of range

goroutine 9 [running]:
github.com/nats-io/gnatsd/server.(*client).parse(0xc820132000, 0xc82013c000, 0x13, 0x8000, 0x0, 0x0)
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/parser.go:630 +0x291
github.com/nats-io/gnatsd/server.(*client).readLoop(0xc820132000)
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/client.go:155 +0x194
created by github.com/nats-io/gnatsd/server.(*client).initClient
    /home/dgryski/work/src/cvs/gocode/src/github.com/nats-io/gnatsd/server/client.go:133 +0x782
```

  2. PUB 0 8000000000
     produces an out-of-memory error on the same line

This issue was found by https://github.com/dvyukov/go-fuzz testing server/parser.go using the existing tests as a seed corpus.

Nice! I have some time this week, will address. Appreciate the effort.

This is fixed with this commit, 075529e
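An added illustration of the class of check this issue calls for, not gnatsd's code and not the contents of the commit referenced above: the size argument of a PUB line is bounded against the configured limit before it can reach an allocation. The names `parsePubSize` and `readBuffer` and the 1 MiB `maxPayload` value are assumptions of this example.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Assumed limit for this example; the page names max_payload but gives no value.
const maxPayload = 1 << 20

var (
	errBadPub   = errors.New("malformed PUB line")
	errTooLarge = errors.New("payload size exceeds max_payload")
)

// parsePubSize parses "PUB <subject> [reply] <size>" and returns the declared
// size only if it is within limit, so a client-chosen number never reaches make().
func parsePubSize(line []byte, limit int) (int, error) {
	fields := bytes.Fields(line)
	if len(fields) < 3 || len(fields) > 4 || string(fields[0]) != "PUB" {
		return 0, errBadPub
	}
	n := 0
	for _, c := range fields[len(fields)-1] {
		if c < '0' || c > '9' {
			return 0, errBadPub
		}
		// Checked after every digit: n stays small, so it cannot wrap around.
		if n = n*10 + int(c-'0'); n > limit {
			return 0, errTooLarge
		}
	}
	return n, nil
}

// readBuffer allocates the message buffer only after the size was validated.
func readBuffer(line []byte, limit int) ([]byte, error) {
	n, err := parsePubSize(line, limit)
	if err != nil {
		return nil, err
	}
	return make([]byte, 0, n), nil
}

func main() {
	// The first two inputs are the lines from the report; the third is constructed.
	for _, l := range []string{"PUB o 680444720440", "PUB 0 8000000000", "PUB foo 11"} {
		buf, err := readBuffer([]byte(l), maxPayload)
		fmt.Printf("%-22q cap=%d err=%v\n", l, cap(buf), err)
	}
}
```

Rejecting the value while the digits are still being accumulated also covers sizes too large for the integer type, which a check applied after parsing would see only as a wrapped number.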