From: Vladislav Shpilevoy
Date: Fri, 28 Feb 2020 00:33:33 +0100
Subject: Re: [Tarantool-patches] [PATCH v4 3/4] replication: implement an instance id filter for relay
To: Serge Petrenko
Cc: kirichenkoga@gmail.com, tarantool-patches@dev.tarantool.org

>>> +return -1;
>>> +}
>>> +uint32_t len = mp_decode_array(&d);
>>> +for(uint32_t i = 0; i < len; ++i) {
>>> +if (mp_typeof(*d) != MP_UINT)
>>> +goto decode_err;
>>> +*id_filter |= 1 << mp_decode_uint(&d);
>>
>> 7. If someone would send a big ID (a program, pretending to be a Tarantool
>> instance), it would cause unsigned bit shift overflow, which is undefined
>> behaviour. Let's check that it is not bigger than 31.
>>
>> However this won't really help much. This code will crash even if I will
>> just send a truncated packet. From what I see.
>
> I’m not sure I understand what you’re speaking about. This piece of code is
> similar to the one we have in mp_decode_vclock. The situation didn’t get worse,
> at least.

Never mind, I see iproto_msg_decode() checks MessagePack is correct.
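
Review bot: the shift count in "*id_filter |= 1 << mp_decode_uint(&d);" is taken straight from the wire with no range check, so a peer that sends an id at or above the width of int makes the shift undefined behaviour, and the MP_UINT type check on the line above does not bound the value. The upstream validation that the MessagePack is well formed covers truncated input, but it does not constrain how large a valid unsigned integer may be. Decode the id into a local first, take the existing "goto decode_err" path when it exceeds the largest bit the filter can hold (31, as proposed in the review), and only then set the bit. The literal 1 is also a signed int, so even id 31 shifts into the sign bit; an unsigned constant of the filter's width avoids that. Style: "for(" is missing the space after the keyword.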