Re: [tor-bugs] #26348 [Obfuscation/Snowflake]: Guard against large reads
#26348: Guard against large reads
-----------------------------------------------+---------------------------
Reporter: dcf | Owner: cohosh
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Obfuscation/Snowflake | Version:
Severity: Normal | Resolution:
Keywords: easy anti-censorship-roadmap-2019 | Actual Points:
Parent ID: | Points: 1
Reviewer: | Sponsor: Sponsor19
-----------------------------------------------+---------------------------
Comment (by dcf):
Replying to [comment:6 cohosh]:
> > An alternative, since `MaxBytesReader` is always called before a call
> > to `io.ReadAll`, is to provide a separate `limitedReadAll` function that
> > enforces the limit--it could be an `io.ReadAll` followed by a `Read` that
> > expects to find EOF.
> I'm not sure what you mean by this exactly. Do you mean call
> `limitedReadAll` instead of `io.ReadAll`? And then I'm not sure why we'd
> make a call to both `io.ReadAll` and `Read`...
Sorry, I mean like this. Actually the second call should be to
`io.ReadFull` to avoid needing to handle the case where the underlying
`Reader` returns `(0, nil)`.
{{{
// limitedReadAll reads r to EOF and returns its contents, or
// io.ErrUnexpectedEOF if r holds more than limit bytes.
func limitedReadAll(r io.Reader, limit int64) ([]byte, error) {
	p, err := ioutil.ReadAll(io.LimitReader(r, limit))
	if err != nil {
		return p, err
	}
	// Another read to see whether the LimitedReader hit EOF or not.
	var tmp [1]byte
	_, err = io.ReadFull(r, tmp[:])
	if err == io.EOF {
		err = nil
	} else if err == nil {
		err = io.ErrUnexpectedEOF
	}
	return p, err
}
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26348#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
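
An added example (not part of dcf's comment or the Snowflake code) that runs the `limitedReadAll` above on bodies under, at and over a limit of 8 bytes. The `stallReader` type, which returns `(0, nil)` once before `io.EOF`, the sample bodies and the bare-`Read` probe `singleReadSeesEOF` are constructed here to show the case `io.ReadFull` is there to handle.

```go
package main

import (
	"fmt"
	"io"
	"io/ioutil"
	"strings"
)

// limitedReadAll is the function from the comment above, repeated so this runs alone.
func limitedReadAll(r io.Reader, limit int64) ([]byte, error) {
	p, err := ioutil.ReadAll(io.LimitReader(r, limit))
	if err != nil {
		return p, err
	}
	var tmp [1]byte
	_, err = io.ReadFull(r, tmp[:]) // retries on (0, nil) until a byte or an error
	if err == io.EOF {
		err = nil
	} else if err == nil {
		err = io.ErrUnexpectedEOF
	}
	return p, err
}

// singleReadSeesEOF (hypothetical) is the same probe done with one bare Read.
func singleReadSeesEOF(r io.Reader) bool {
	var tmp [1]byte
	_, err := r.Read(tmp[:])
	return err == io.EOF
}

// stallReader (constructed) returns (0, nil) once when its data runs out, then io.EOF.
type stallReader struct{ r io.Reader; stalled bool }

func (s *stallReader) Read(b []byte) (int, error) {
	n, err := s.r.Read(b)
	if err == io.EOF && !s.stalled {
		s.stalled, err = true, nil
	}
	return n, err
}

func main() {
	for _, body := range []string{"short", "12345678", "123456789"} { // constructed bodies
		p, err := limitedReadAll(&stallReader{r: strings.NewReader(body)}, 8)
		fmt.Printf("%q -> %q, err=%v\n", body, p, err)
	}
	fmt.Println("bare Read sees EOF:", singleReadSeesEOF(&stallReader{r: strings.NewReader("")}))
}
```

The body of exactly 8 bytes is accepted even though the drained reader stalls first, while a single bare `Read` on the same drained reader does not see `io.EOF` and would wrongly reject it.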