From 306db491ebfed1a7aec20046499283bfd96474ce Mon Sep 17 00:00:00 2001 From: Evan Huus Date: Wed, 26 Aug 2015 09:04:42 -0400 Subject: [PATCH] Fix two decoding bugs found by go-fuzz (https://github.com/dvyukov/go-fuzz) - handle negative message-set sizes in FetchResponses - handle IPv6 and/or malformed broker addresses --- broker.go | 5 ++++- fetch_response.go | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/broker.go b/broker.go index eb5bc0bf8..6bdea3869 100644 --- a/broker.go +++ b/broker.go @@ -312,7 +312,10 @@ func (b *Broker) decode(pd packetDecoder) (err error) { return err } - b.addr = fmt.Sprint(host, ":", port) + b.addr = net.JoinHostPort(host, fmt.Sprint(port)) + if _, _, err := net.SplitHostPort(b.addr); err != nil { + return err + } return nil } diff --git a/fetch_response.go b/fetch_response.go index 1ac543921..840808d68 100644 --- a/fetch_response.go +++ b/fetch_response.go @@ -22,6 +22,9 @@ func (pr *FetchResponseBlock) decode(pd packetDecoder) (err error) { if err != nil { return err } + if msgSetSize < 0 { + return PacketDecodingError{"invalid message set size"} + } msgSetDecoder, err := pd.getSubset(int(msgSetSize)) if err != nil {