first attempt at fuzzer fixes

rs-ipfs · Aug 19, 2022 · 0e38435 · 0e38435
1 parent 275b761
commit 0e38435
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/ipld/dag_cbor.rs b/src/ipld/dag_cbor.rs
@@ -396,6 +396,9 @@ pub fn read_f64<R: Read>(r: &mut R) -> CborResult<f64> {
 
 #[inline]
 pub fn read_bytes<R: Read>(r: &mut R, len: usize) -> CborResult<Vec<u8>> {
+ if len > 64 * 1024 {
+ return Err(CborError::LengthOutOfRange);
+ }
  let mut buf = vec![0; len];
  r.read_exact(&mut buf)?;
  Ok(buf)
@@ -410,6 +413,9 @@ pub fn read_str<R: Read>(r: &mut R, len: usize) -> CborResult<String> {
 
 #[inline]
 pub fn read_list<R: Read, T: ReadCbor>(r: &mut R, len: usize) -> CborResult<Vec<T>> {
+ if len.saturating_mul(std::mem::size_of::<T>()) > 64 * 1024 {
+ return Err(CborError::LengthOutOfRange);
+ }
  let mut list: Vec<T> = Vec::with_capacity(len);
  for _ in 0..len {
  list.push(T::read_cbor(r)?);