tlv: fix panic with large length

This commit fixes a panic where a large length in a record could
cause the DVarBytes function to fail to allocate a byte slice.
This commit is contained in:
nsa 2019-08-15 20:03:24 -04:00 committed by Conner Fromknecht
parent c4ba5577cc
commit dfd1b38648
No known key found for this signature in database
GPG Key ID: E7D737B67FA592C7

@ -6,12 +6,18 @@ import (
"io" "io"
"io/ioutil" "io/ioutil"
"math" "math"
"github.com/lightningnetwork/lnd/lnwire"
) )
// ErrStreamNotCanonical signals that a decoded stream does not contain records // ErrStreamNotCanonical signals that a decoded stream does not contain records
// sorting by monotonically-increasing type. // sorting by monotonically-increasing type.
var ErrStreamNotCanonical = errors.New("tlv stream is not canonical") var ErrStreamNotCanonical = errors.New("tlv stream is not canonical")
// ErrRecordTooLarge signals that a decoded record has a length that is too
// long to parse.
var ErrRecordTooLarge = errors.New("record is too large")
// ErrUnknownRequiredType is an error returned when decoding an unknown and even // ErrUnknownRequiredType is an error returned when decoding an unknown and even
// type from a Stream. // type from a Stream.
type ErrUnknownRequiredType Type type ErrUnknownRequiredType Type
@ -183,6 +189,10 @@ func (s *Stream) Decode(r io.Reader) error {
return err return err
} }
if length > lnwire.MaxMessagePayload {
return ErrRecordTooLarge
}
// Search the records known to the stream for this type. We'll // Search the records known to the stream for this type. We'll
// begin the search and recordIdx and walk forward until we find // begin the search and recordIdx and walk forward until we find
// it or the next record's type is larger. // it or the next record's type is larger.