willardf / Hazel-Networking

Hazel Networking is a low level networking library for C# providing connection-oriented, message-based communication via RUDP.
MIT License
391 stars 60 forks source link

Fix some bounds checking while parsing ClientHellos #21

Closed willardf closed 3 years ago

willardf commented 3 years ago

Was seeing this error causing crashes. The problem is that slices can throw if length is negative which can happen if someone forms a packet where some expected length is larger than the rest of the buffer.

And then a couple of flaky unit tests bugged me, so I fixed a couple of those.

6/6/2021 9:30:30 AM [INFO]: System.ArgumentException: Invalid length: -29 (Parameter 'length')
   at Hazel.ByteSpan..ctor(Byte[] array, Int32 offset, Int32 length)
   at Hazel.Dtls.ClientHello.Parse(ClientHello& result, ByteSpan span)
   at Hazel.Dtls.DtlsConnectionListener.HandleNonPeerRecord(ByteSpan message, IPEndPoint peerAddress)
   at Hazel.Dtls.DtlsConnectionListener.ProcessIncomingMessage(ByteSpan message, IPEndPoint peerAddress)
   at Hazel.Dtls.DtlsConnectionListener.ProcessIncomingMessageFromOtherThread(MessageReader reader, IPEndPoint peerAddress, ConnectionId connectionId)
   at Hazel.Udp.FewerThreads.ThreadLimitedUdpConnectionListener.ReceiveLoop()