derp: prevent readFrame() from reading more than len(b) bytes.

Signed-off-by: Dmitry Adamushko <da@stablebits.net>
2020-04-08 18:05:58 +02:00 · 2020-04-08 18:05:58 +02:00 · 806645ea0e
parent f2c2d0de68
commit 806645ea0e
1 changed files with 9 additions and 1 deletions
--- a/derp/derp.go
+++ b/derp/derp.go
@ -138,7 +138,8 @@ func readFrame(br *bufio.Reader, maxSize uint32, b []byte) (t frameType, frameLe
 	if frameLen > maxSize {
 		return 0, 0, fmt.Errorf("frame header size %d exceeds reader limit of %d", frameLen, maxSize)
 	}
-	n, err := io.ReadFull(br, b[:frameLen])
+
+	n, err := io.ReadFull(br, b[:minUint32(frameLen, uint32(len(b)))])
 	if err != nil {
 		return 0, 0, err
 	}
@ -179,3 +180,10 @@ func minInt(a, b int) int {
 	}
 	return b
 }
+
+func minUint32(a, b uint32) uint32 {
+	if a < b {
+		return a
+	}
+	return b
+}