Skip to content

Fuzz TDP protocol, fix two issues.#25260

Merged
Tener merged 4 commits intomasterfrom
tener/tdp-protocol-fuzzing
Apr 27, 2023
Merged

Fuzz TDP protocol, fix two issues.#25260
Tener merged 4 commits intomasterfrom
tener/tdp-protocol-fuzzing

Conversation

@Tener
Copy link
Copy Markdown
Contributor

@Tener Tener commented Apr 27, 2023

This PR adds fuzzing for TDP protocol's Decode function and fixes two issues uncovered by the fuzzer.

  1. Decoding PNG2Frame would allocate slice of of pngLength bytes. The declared length could be near the end of uint32 range, which would cause the overflow in 21+pngLength expression, making the actual buffer very small: png2frame := make([]byte, 21+pngLength). Subsequently png2frame[1:5] would panic.
  2. Decoding decodeSharedDirectoryAnnounce would consume 4 initial bytes to decode completionID value, discarded by the function as it is not a member of SharedDirectoryAnnounce struct. SharedDirectoryAnnounce.Encode() does not save the 4 bytes for this field. This is likely a copy-paste error from SharedDirectoryInfoRequest which does have the CompletionID field.

@Tener Tener requested review from ibeckermayer, jentfoo and zmb3 April 27, 2023 13:15
@github-actions github-actions Bot requested review from atburke and jakule April 27, 2023 13:15
@Tener Tener enabled auto-merge April 27, 2023 13:48
@Tener Tener added this pull request to the merge queue Apr 27, 2023
Merged via the queue into master with commit abcd527 Apr 27, 2023
@Tener Tener deleted the tener/tdp-protocol-fuzzing branch April 27, 2023 15:29
@public-teleport-github-review-bot
Copy link
Copy Markdown

public-teleport-github-review-bot Bot commented Apr 27, 2023

@Tener See the table below for backport results.

Branch Result
branch/v10 Failed
branch/v11 Failed
branch/v12 Create PR
branch/v13 Create PR

This was referenced Apr 28, 2023
Merged
Merged
Tener added a commit that referenced this pull request Apr 28, 2023
@Tener
Fuzz TDP protocol, fix two issues. (#25260)
967e2df 
* Add FuzzDecode covering tdp protocol.

* Add FuzzDecode to oss-fuzz

* Limit PNG2Frame size.

* Fix decodeSharedDirectoryAnnounce incorrectly consuming 4 extra bytes.
@Tener Tener mentioned this pull request Apr 28, 2023
Merged
Tener added a commit that referenced this pull request Apr 28, 2023
@Tener
Fuzz TDP protocol, fix two issues. (#25260)
d078a48 
* Add FuzzDecode covering tdp protocol.

* Limit PNG2Frame size.

* Fix decodeSharedDirectoryAnnounce incorrectly consuming 4 extra bytes.
@Tener Tener mentioned this pull request Apr 28, 2023
Merged
zmb3 pushed a commit that referenced this pull request Apr 28, 2023
@Tener
Fuzz TDP protocol, fix two issues. (#25260) (#25315)
985ea7f 
* Add FuzzDecode covering tdp protocol.

* Add FuzzDecode to oss-fuzz

* Limit PNG2Frame size.

* Fix decodeSharedDirectoryAnnounce incorrectly consuming 4 extra bytes.
Tener added a commit that referenced this pull request May 4, 2023
@Tener
Fuzz TDP protocol, fix two issues. (#25260) (#25316)
384f5f4 
* Add FuzzDecode covering tdp protocol.

* Limit PNG2Frame size.

* Fix decodeSharedDirectoryAnnounce incorrectly consuming 4 extra bytes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 approved these changes

@ibeckermayer ibeckermayer Awaiting requested review from ibeckermayer

@atburke atburke Awaiting requested review from atburke

@jakule jakule Awaiting requested review from jakule

+1 more reviewer

@jentfoo jentfoo jentfoo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

desktop-access size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Tener @jentfoo @zmb3