Fix data leak in CommandString::consensus_encode
A fixed buffer of 12 bytes was filled by an unsafe copy from the bytes of a string. If the string was shorter than 12 bytes, the copy read past the end of the string and memory from outside it would leak into the packet. Replace the unsafe copy with a safe loop. Also add a panic if an attempt is made to use a command string longer than 12 bytes.
parent
66eb08aab5
commit
404176a5ee
|
@ -40,14 +40,15 @@ pub struct CommandString(pub String);
|
||||||
impl<S: SimpleEncoder> ConsensusEncodable<S> for CommandString {
|
impl<S: SimpleEncoder> ConsensusEncodable<S> for CommandString {
|
||||||
#[inline]
|
#[inline]
|
||||||
fn consensus_encode(&self, s: &mut S) -> Result<(), S::Error> {
|
fn consensus_encode(&self, s: &mut S) -> Result<(), S::Error> {
|
||||||
use std::intrinsics::copy_nonoverlapping;
|
|
||||||
use std::mem;
|
|
||||||
|
|
||||||
let &CommandString(ref inner_str) = self;
|
let &CommandString(ref inner_str) = self;
|
||||||
let mut rawbytes = [0u8; 12];
|
let mut rawbytes = [0u8; 12];
|
||||||
unsafe { copy_nonoverlapping(inner_str.as_bytes().as_ptr(),
|
let strbytes = inner_str.as_bytes();
|
||||||
rawbytes.as_mut_ptr(),
|
if strbytes.len() > 12 {
|
||||||
mem::size_of::<[u8; 12]>()); }
|
panic!("Command string longer than 12 bytes");
|
||||||
|
}
|
||||||
|
for x in 0..strbytes.len() {
|
||||||
|
rawbytes[x] = strbytes[x];
|
||||||
|
}
|
||||||
rawbytes.consensus_encode(s)
|
rawbytes.consensus_encode(s)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
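Review bot: The new `panic!("Command string longer than 12 bytes")` sits inside `consensus_encode`, which returns `Result<(), S::Error>`, and the hunk header shows `CommandString(pub String)` with a public field, so nothing stops a caller from building an oversized value that only aborts when it is serialized. If a command name can ever be derived from peer- or user-supplied data, that would be a crash reachable from input, so I would enforce the 12-byte limit where the value is constructed (a checked constructor over a private field) and document the remaining invariant on the method with `/// Panics if the command is longer than 12 bytes.`. The literal `12` now appears in the buffer type, the length check and the message; a named constant would keep the three in sync. As a style point, the index loop can be written as a slice copy, `rawbytes[..strbytes.len()].copy_from_slice(strbytes);`, if the toolchain this crate targets provides it.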