fixup! dgram: fix send with out of bounds offset + length
Linkgoron committed Oct 22, 2021
1 parent 63a0887 commit b392a94
Showing 2 changed files with 16 additions and 46 deletions.
17 changes: 6 additions & 11 deletions lib/dgram.js
@@ -40,9 +40,9 @@ const {
} = require('internal/dgram');
const { guessHandleType } = internalBinding('util');
const {
ERR_BUFFER_OUT_OF_BOUNDS,
ERR_INVALID_ARG_TYPE,
ERR_MISSING_ARGS,
ERR_OUT_OF_RANGE,
ERR_SOCKET_ALREADY_BOUND,
ERR_SOCKET_BAD_BUFFER_SIZE,
ERR_SOCKET_BUFFER_SIZE,
@@ -488,17 +488,12 @@ function sliceBuffer(buffer, offset, length) {

offset = offset >>> 0;
length = length >>> 0;
if (offset > buffer.byteLength) {
throw new ERR_BUFFER_OUT_OF_BOUNDS('offset');
}

// TypedArray and DataView bounds are checked in Buffer.from
if (Buffer.isBuffer(buffer)) {
if (offset > buffer.byteLength) {
throw new ERR_OUT_OF_RANGE('offset', `<= ${buffer.byteLength}`, offset);
}

if (offset + length > buffer.byteLength) {
throw new ERR_OUT_OF_RANGE('length',
`<= ${buffer.byteLength - offset}`, length);
}
if (offset + length > buffer.byteLength) {
throw new ERR_BUFFER_OUT_OF_BOUNDS('length');
}

return Buffer.from(buffer.buffer, buffer.byteOffset + offset, length);
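Review bot: The two bounds checks in sliceBuffer carry no comment saying why they compare against the view's `byteLength`, and that reasoning is the security-relevant part of this code. `Buffer.from(buffer.buffer, buffer.byteOffset + offset, length)` on the last line validates only against the backing ArrayBuffer, so without these checks a view over a larger or pooled buffer could have bytes outside the view sent on the wire. I would add above the first check: `// Validate against the view, not buffer.buffer: Buffer.from() below only checks the backing ArrayBuffer.` Separately, `offset >>> 0` and `length >>> 0` run before the checks, so values of 2**32 or more wrap instead of being rejected; worth confirming that is intended. The function begins and ends outside this hunk.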
45 changes: 10 additions & 35 deletions test/parallel/test-dgram-send-bad-arguments.js
@@ -78,43 +78,18 @@ function checkArgs(connected) {
}
);

for (const input of ['hello', Buffer.from('hello'),
for (const input of ['hello',
Buffer.from('hello'),
Buffer.from('hello world').subarray(0, 5),
Buffer.from('hello world').subarray(6)]) {
assert.throws(
() => { sock.send(input, 6, 0); },
{
code: 'ERR_OUT_OF_RANGE',
name: 'RangeError',
message: 'The value of "offset" is out of range. ' +
'It must be <= 5. Received 6'
}
);

assert.throws(
() => { sock.send(input, 0, 6); },
{
code: 'ERR_OUT_OF_RANGE',
name: 'RangeError',
message: 'The value of "length" is out of range. ' +
'It must be <= 5. Received 6'
}
);

assert.throws(
() => { sock.send(input, 3, 4); },
{
code: 'ERR_OUT_OF_RANGE',
name: 'RangeError',
message: 'The value of "length" is out of range. ' +
'It must be <= 2. Received 4'
}
);
}

for (const input of [new Uint8Array([1, 2, 3, 4, 5]),
Buffer.from('hello world').subarray(4, 9),
Buffer.from('hello world').subarray(6),
new Uint8Array([1, 2, 3, 4, 5]),
new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]).slice(0, 5),
new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]).slice(2, 7),
new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]).slice(3),
new DataView(new ArrayBuffer(5), 0),
new DataView(new ArrayBuffer(6), 2)]) {
new DataView(new ArrayBuffer(6), 1),
new DataView(new ArrayBuffer(7), 1, 5)]) {
assert.throws(
() => { sock.send(input, 6, 0); },
{
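Review bot: The three `new Uint8Array([...]).slice(...)` inputs do not exercise a view that is smaller than its backing buffer, because `TypedArray.prototype.slice` copies into a fresh 5-byte ArrayBuffer with `byteOffset` 0; they behave like the plain `new Uint8Array([1, 2, 3, 4, 5])` entry. The case the fix presumably targets for typed arrays is a view into a larger buffer, which `subarray` provides: `new Uint8Array([1, 2, 3, 4, 5, 6, 7, 8]).subarray(2, 7),` and likewise `.subarray(0, 5)` and `.subarray(3)`. The `Buffer.from('hello world').subarray(...)` and offset `DataView` entries already cover that shape for their types. The loop body continues outside the hunk.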