hcq/oceanbase
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix the possible interger overflow problem when decode handshake msg

Browse Source
This commit is contained in:
zb0
2021-09-09 16:31:52 +08:00
committed by wangzelin.wzl
parent 9ce3fd86ed
commit 18da76ec68
1 changed files with 28 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
deps/oblib/src/rpc/obmysql/packet/ompk_handshake_response.cpp vendored
View File

@ -121,29 +121,34 @@ int OMPKHandshakeResponse::decode()
uint64_t key_len = 0; uint64_t key_len = 0;
ret = ObMySQLUtil::get_length(pos, key_len, key_inc_len); ret = ObMySQLUtil::get_length(pos, key_len, key_inc_len);
// OB_ASSERT(OB_SUCC(ret) && all_attrs_len > key_inc_len); // OB_ASSERT(OB_SUCC(ret) && all_attrs_len > key_inc_len);
if (OB_SUCC(ret) && all_attrs_len > key_inc_len) { if (OB_SUCC(ret) && all_attrs_len > key_inc_len && pos < end) {
all_attrs_len -= key_inc_len; all_attrs_len -= key_inc_len;
str_kv.key_.assign_ptr(pos, static_cast<int32_t>(key_len)); str_kv.key_.assign_ptr(pos, static_cast<int32_t>(key_len));
// OB_ASSERT(all_attrs_len > key_len); // OB_ASSERT(all_attrs_len > key_len);
if (all_attrs_len > key_len) { if (all_attrs_len > key_len) {
all_attrs_len -= key_len; all_attrs_len -= key_len;
if (end - pos > key_len) {
pos += key_len; pos += key_len;
// get value // get value
uint64_t value_inc_len = 0; uint64_t value_inc_len = 0;
uint64_t value_len = 0; uint64_t value_len = 0;
ret = ObMySQLUtil::get_length(pos, value_len, value_inc_len); ret = ObMySQLUtil::get_length(pos, value_len, value_inc_len);
// OB_ASSERT(OB_SUCC(ret) && all_attrs_len > value_inc_len); // OB_ASSERT(OB_SUCC(ret) && all_attrs_len > value_inc_len);
if (OB_SUCC(ret) && all_attrs_len > value_inc_len) { if (OB_SUCC(ret) && all_attrs_len > value_inc_len && pos < end) {
all_attrs_len -= value_inc_len; all_attrs_len -= value_inc_len;
str_kv.value_.assign_ptr(pos, static_cast<int32_t>(value_len)); str_kv.value_.assign_ptr(pos, static_cast<int32_t>(value_len));
// OB_ASSERT(all_attrs_len >= value_len); // OB_ASSERT(all_attrs_len >= value_len);
if (all_attrs_len >= value_len) { if (all_attrs_len >= value_len) {
all_attrs_len -= value_len; all_attrs_len -= value_len;
if (end - pos >= value_len) {
pos += value_len; pos += value_len;
if (OB_FAIL(connect_attrs_.push_back(str_kv))) { if (OB_FAIL(connect_attrs_.push_back(str_kv))) {
LOG_WARN("fail to push back str_kv", K(str_kv), K(ret)); LOG_WARN("fail to push back str_kv", K(str_kv), K(ret));
} }
} else {
ret = OB_INVALID_ARGUMENT;
LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(value_len), K((end - pos)));
}
} else { } else {
ret = OB_INVALID_ARGUMENT; ret = OB_INVALID_ARGUMENT;
LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(value_len)); LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(value_len));
@ -152,6 +157,10 @@ int OMPKHandshakeResponse::decode()
ret = OB_INVALID_ARGUMENT; ret = OB_INVALID_ARGUMENT;
LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(value_inc_len)); LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(value_inc_len));
} }
} else {
ret = OB_INVALID_ARGUMENT;
LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(key_len), K((end - pos)));
}
} else { } else {
ret = OB_INVALID_ARGUMENT; ret = OB_INVALID_ARGUMENT;
LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(key_len)); LOG_ERROR("invalid packet", K(ret), K(all_attrs_len), K(key_len));