zubairhamed / canopus

CoAP Client/Server implementing RFC 7252 for the Go Language
Apache License 2.0
155 stars 41 forks source link

panic: runtime error: slice bounds out of range #91

Open deepakprabhakara opened 7 years ago

deepakprabhakara commented 7 years ago

When you set a query URI on the client that is greater than length 256 the server crashes with the following stacktrace:-

panic: runtime error: slice bounds out of range

goroutine 8 [running]: github.com/redsift/prism/vendor/github.com/zubairhamed/canopus.BytesToMessage(0xc4202be000, 0x50c, 0x5dc, 0x5dc, 0x50c, 0x0, 0x0) /Users/deepakp/workspace/go/src/github.com/redsift/prism/vendor/github.com/zubairhamed/canopus/message.go:158 +0xc0d github.com/redsift/prism/vendor/github.com/zubairhamed/canopus.(DefaultCoapServer).handleSession(0xc42017abb0, 0x47e2040, 0xc42001caf0) /Users/deepakp/workspace/go/src/github.com/redsift/prism/vendor/github.com/zubairhamed/canopus/server.go:508 +0xb0 created by github.com/redsift/prism/vendor/github.com/zubairhamed/canopus.(DefaultCoapServer).handleIncomingData.func1 /Users/deepakp/workspace/go/src/github.com/redsift/prism/vendor/github.com/zubairhamed/canopus/server.go:435 +0x33e exit status 2

Would the right fixe be to check the index bounds in line 157 of messages.go? If so I can send a PR soon.

if optionLength > 0 && optionLength < uint(len(tmp)) {