This repository was archived by the owner on Jan 22, 2025. It is now read-only.
removes raw indexing into packet data #25554
Merged
6ccc45a to f764703
Codecov Report
@@ Coverage Diff @@
## master #25554 +/- ##
========================================
Coverage 82.0% 82.0%
========================================
Files 655 626 -29
Lines 171822 170976 -846
Branches 335 0 -335
========================================
- Hits 140972 140344 -628
+ Misses 30734 30632 -102
+ Partials 116 0 -116
I had a feeling this was going to be a follow-up change :)
jstarry reviewed May 26, 2022
It looks like packet.data() slicing is also used in this new PR
3ae9c5a to 2bdf87c
790f3da to 5d5e81c
@jstarry any objection to merging this?
No, feel free to merge
jstarry reviewed Jun 2, 2022
jstarry reviewed Jun 2, 2022
5d5e81c to 90dc856
Packets are at the boundary of the system where, the vast majority of the time, they are received from an untrusted source. Raw indexing into the data buffer can open attack vectors if the offsets are invalid. Validating offsets beforehand is verbose and error prone. The commit updates Packet::data() API to take a SliceIndex and always to return an Option. The call sites are so forced to explicitly handle the case where the offsets are invalid.
90dc856 to fcfacc1
jstarry approved these changes Jun 2, 2022
mergify bot pushed a commit that referenced this pull request Jun 20, 2022
Packets are at the boundary of the system where, the vast majority of the time, they are received from an untrusted source. Raw indexing into the data buffer can open attack vectors if the offsets are invalid. Validating offsets beforehand is verbose and error prone. The commit updates Packet::data() API to take a SliceIndex and always to return an Option. The call sites are so forced to explicitly handle the case where the offsets are invalid.
(cherry picked from commit 5dbf7d8)
# Conflicts:
# ledger/src/shred.rs
# ledger/src/sigverify_shreds.rs
# perf/src/sigverify.rs
mergify bot added a commit that referenced this pull request Jun 20, 2022
* removes raw indexing into packet data (#25554)
Packets are at the boundary of the system where, the vast majority of the time, they are received from an untrusted source. Raw indexing into the data buffer can open attack vectors if the offsets are invalid. Validating offsets beforehand is verbose and error prone. The commit updates Packet::data() API to take a SliceIndex and always to return an Option. The call sites are so forced to explicitly handle the case where the offsets are invalid.
(cherry picked from commit 5dbf7d8)
# Conflicts:
# ledger/src/shred.rs
# ledger/src/sigverify_shreds.rs
# perf/src/sigverify.rs
* removes mergify merge conflicts
Co-authored-by: behzad nouri <[email protected]>
Problem
Packets are at the boundary of the system where, the vast majority of the
time, they are received from an untrusted source. Raw indexing into the
data buffer can open attack vectors if the offsets are invalid.
Validating offsets beforehand is verbose and error prone.
Summary of Changes
The commit updates Packet::data() API to take a SliceIndex and always to return an Option. The call sites are so forced to explicitly handle the case where the offsets are invalid.
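The accessor shape described above, as an added example that is not the project's code: a `data()` method generic over `SliceIndex` that returns an `Option`, plus a call site parsing sender-controlled offsets. The `Packet` stand-in, `CAPACITY`, `from_bytes`, `read_field` and the wire layout are assumptions made for illustration.

```rust
use std::slice::SliceIndex;

// Illustrative capacity, constructed for this example.
const CAPACITY: usize = 64;

// Minimal stand-in for a received packet (hypothetical type, not the project's).
pub struct Packet {
    buffer: [u8; CAPACITY],
    size: usize, // number of bytes actually received
}

impl Packet {
    pub fn from_bytes(bytes: &[u8]) -> Option<Self> {
        let mut buffer = [0u8; CAPACITY];
        buffer.get_mut(..bytes.len())?.copy_from_slice(bytes);
        Some(Self { buffer, size: bytes.len() })
    }

    // Accepts a usize or any range; returns None instead of panicking.
    pub fn data<I>(&self, index: I) -> Option<&<I as SliceIndex<[u8]>>::Output>
    where
        I: SliceIndex<[u8]>,
    {
        // Restrict to the received bytes first, so padding past `size`
        // is never readable, then apply the caller's index.
        self.buffer.get(..self.size)?.get(index)
    }
}

// Constructed wire layout: byte 0 = field offset, byte 1 = field length.
// Both values come from the sender, so every step can fail.
pub fn read_field(packet: &Packet) -> Option<&[u8]> {
    let offset = usize::from(*packet.data(0usize)?);
    let len = usize::from(*packet.data(1usize)?);
    let end = offset.checked_add(len)?;
    packet.data(offset..end)
}

fn main() {
    // Constructed sample packets: one well formed, one with an oversized length.
    let good = Packet::from_bytes(&[2, 3, b'a', b'b', b'c']).unwrap();
    let bad = Packet::from_bytes(&[2, 200, b'a', b'b', b'c']).unwrap();
    println!("well-formed: {:?}", read_field(&good));
    println!("bad length:  {:?}", read_field(&bad));
}
```

With raw indexing (`&buffer[offset..end]`) the second packet would panic the receiving thread; here the bad length surfaces as `None`, which the caller has to handle before it can use the field.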