search

teragrep / rlo_06

Syslog (RFC 5424) library for Java
GNU Affero General Public License v3.0
1 stars 4 forks source link

Repeated, long SD causes BufferOverflow #21

Open StrongestNumber9 opened 1 year ago

StrongestNumber9 commented 1 year ago

Something like

        StringBuilder x = new StringBuilder();
        String key = new String(new char[32]).replace("\0", "X");
        String value = new String(new char[32]).replace("\0", "X");
        sdSubscription.subscribeElement("id@0", key);
        for(int i=0; i<=1000; i++) {
            x.append("[id@0 ").append(key).append("=\"").append(value).append("\"]");
        }
        String input = x+"[id@0 keyHere=\"valueThere\"] ";

causes

java.nio.BufferOverflowException
        at java.base/java.nio.Buffer.nextPutIndex(Buffer.java:722)
        at java.base/java.nio.DirectByteBuffer.put(DirectByteBuffer.java:352)
        at com.teragrep.rlo_06.StructuredData.accept(StructuredData.java:163)
        at com.teragrep.rlo_06.StructuredDataTest.longSD(StructuredDataTest.java:64)

Stacktrace truncated as it is from junit

StrongestNumber9 commented 1 year ago

Maybe move https://github.com/teragrep/rlo_06/blob/416a26fc11ca530232adbc5053026f505d7b30dc/src/main/java/com/teragrep/rlo_06/StructuredData.java#L130

to

https://github.com/teragrep/rlo_06/blob/416a26fc11ca530232adbc5053026f505d7b30dc/src/main/java/com/teragrep/rlo_06/StructuredData.java#L56-L58

At least that fixed the crashing, but never threw out of the loop or any exceptions

StrongestNumber9 commented 1 year ago 
      STRUCTURED-DATA = NILVALUE / 1*SD-ELEMENT
      SD-ELEMENT      = "[" SD-ID *(SP SD-PARAM) "]"
      SD-PARAM        = PARAM-NAME "=" %d34 PARAM-VALUE %d34
      SD-ID           = SD-NAME
      PARAM-NAME      = SD-NAME
      PARAM-VALUE     = UTF-8-STRING ; characters '"', '\' and
                                     ; ']' MUST be escaped.
      SD-NAME         = 1*32PRINTUSASCII
                        ; except '=', SP, ']', %d34 (")

As far as I can tell, nothing prevents me from having a lot of key=value combinations, or that how long the values are. Currently seems to be limited to 8K total even though 256K sized messages are supported in many places

StrongestNumber9 commented 1 year ago

https://github.com/teragrep/rlo_06/blob/416a26fc11ca530232adbc5053026f505d7b30dc/src/main/java/com/teragrep/rlo_06/RFC5424ParserSDSubscription.java#L90

https://github.com/teragrep/rlo_06/blob/416a26fc11ca530232adbc5053026f505d7b30dc/src/main/java/com/teragrep/rlo_06/RFC5424ParserSDSubscription.java#L123

Seems to contain hardcoded 8K limit as well

StrongestNumber9 commented 1 year ago

My test that crashed on 8*1024 is now working when I changed it to 256*1024, that limit might be the reason.