Add bounds checks to rfc5424 parser (#62)

libc · mcuadros · commit 277e70331735 · 2019-08-15T22:20:33.000+02:00
Several bounds checks are missing from rfc5424 parser, which can cause
"index out of range" panic.

We see this index out of range panics in our production environment
while streaming logs from a 3rd party CDN server.
diff --git a/internal/syslogparser/rfc5424/rfc5424.go b/internal/syslogparser/rfc5424/rfc5424.go
@@ -193,6 +193,10 @@ func (p *Parser) parseVersion() (int, error) {
 func (p *Parser) parseTimestamp() (time.Time, error) {
 	var ts time.Time
 
+	if p.cursor >= p.l {
+		return ts, ErrInvalidTimeFormat
+	}
+
 	if p.buff[p.cursor] == NILVALUE {
 		p.cursor++
 		return ts, nil
@@ -203,7 +207,7 @@ func (p *Parser) parseTimestamp() (time.Time, error) {
 		return ts, err
 	}
 
-	if p.buff[p.cursor] != 'T' {
+	if p.cursor >= p.l || p.buff[p.cursor] != 'T' {
 		return ts, ErrInvalidTimeFormat
 	}
 
@@ -272,7 +276,7 @@ func parseFullDate(buff []byte, cursor *int, l int) (fullDate, error) {
 		return fd, err
 	}
 
-	if buff[*cursor] != '-' {
+	if *cursor >= l || buff[*cursor] != '-' {
 		return fd, syslogparser.ErrTimestampUnknownFormat
 	}
 
@@ -283,7 +287,7 @@ func parseFullDate(buff []byte, cursor *int, l int) (fullDate, error) {
 		return fd, err
 	}
 
-	if buff[*cursor] != '-' {
+	if *cursor >= l || buff[*cursor] != '-' {
 		return fd, syslogparser.ErrTimestampUnknownFormat
 	}
 
@@ -371,7 +375,7 @@ func parsePartialTime(buff []byte, cursor *int, l int) (partialTime, error) {
 		return pt, err
 	}
 
-	if buff[*cursor] != ':' {
+	if *cursor >= l || buff[*cursor] != ':' {
 		return pt, ErrInvalidTimeFormat
 	}
 
@@ -392,7 +396,7 @@ func parsePartialTime(buff []byte, cursor *int, l int) (partialTime, error) {
 
 	// ----
 
-	if buff[*cursor] != '.' {
+	if *cursor >= l || buff[*cursor] != '.' {
 		return pt, nil
 	}
 
@@ -458,7 +462,7 @@ func parseSecFrac(buff []byte, cursor *int, l int) (float64, error) {
 // TIME-OFFSET = "Z" / TIME-NUMOFFSET
 func parseTimeOffset(buff []byte, cursor *int, l int) (*time.Location, error) {
 
-	if buff[*cursor] == 'Z' {
+	if *cursor >= l || buff[*cursor] == 'Z' {
 		*cursor++
 		return time.UTC, nil
 	}
@@ -498,7 +502,7 @@ func getHourMinute(buff []byte, cursor *int, l int) (int, int, error) {
 		return 0, 0, err
 	}
 
-	if buff[*cursor] != ':' {
+	if *cursor >= l || buff[*cursor] != ':' {
 		return 0, 0, ErrInvalidTimeFormat
 	}
 
@@ -588,8 +592,8 @@ func parseUpToLen(buff []byte, cursor *int, l int, maxLen int, e error) (string,
 
 	if found {
 		result = string(buff[*cursor:to])
-	} else if (to > max) {
-		to = max; // don't go past max
+	} else if to > max {
+		to = max // don't go past max
 	}
 
 	*cursor = to
diff --git a/internal/syslogparser/rfc5424/rfc5424_test.go b/internal/syslogparser/rfc5424/rfc5424_test.go
@@ -137,6 +137,14 @@ func (s *Rfc5424TestSuite) TestParser_Valid(c *C) {
 	}
 }
 
+func (s *Rfc5424TestSuite) TestParser_Truncated(c *C) {
+	msg := "<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 myproc 8710 - - %% It's time to make the do-nuts."
+	for i := range msg {
+		p := NewParser([]byte(msg[:i]))
+		p.Parse()
+	}
+}
+
 func (s *Rfc5424TestSuite) TestParseHeader_Valid(c *C) {
 	ts := time.Date(2003, time.October, 11, 22, 14, 15, 3*10e5, time.UTC)
 	tsString := "2003-10-11T22:14:15.003Z"
@@ -293,6 +301,13 @@ func (s *Rfc5424TestSuite) TestParseTimestamp_NilValue(c *C) {
 	s.assertTimestamp(c, *ts, buff, 1, nil)
 }
 
+func (s *Rfc5424TestSuite) TestParseTimestamp_Empty(c *C) {
+	buff := []byte("")
+	ts := new(time.Time)
+
+	s.assertTimestamp(c, *ts, buff, 0, ErrInvalidTimeFormat)
+}
+
 func (s *Rfc5424TestSuite) TestFindNextSpace_NoSpace(c *C) {
 	buff := []byte("aaaaaa")
 
diff --git a/internal/syslogparser/syslogparser.go b/internal/syslogparser/syslogparser.go
@@ -28,6 +28,8 @@ var (
 	ErrVersionNotFound = &ParserError{"Can not find version"}
 
 	ErrTimestampUnknownFormat = &ParserError{"Timestamp format unknown"}
+
+	ErrHostnameTooShort = &ParserError{"Hostname field too short"}
 )
 
 type LogParser interface {
@@ -180,6 +182,11 @@ func Parse2Digits(buff []byte, cursor *int, l int, min int, max int, e error) (i
 
 func ParseHostname(buff []byte, cursor *int, l int) (string, error) {
 	from := *cursor
+
+	if from >= l {
+		return "", ErrHostnameTooShort
+	}
+
 	var to int
 
 	for to = from; to < l; to++ {

Original file line number	Diff line number	Diff line change
`@@ -193,6 +193,10 @@ func (p *Parser) parseVersion() (int, error) {`
`193`	`193`	`func (p *Parser) parseTimestamp() (time.Time, error) {`
`194`	`194`	`var ts time.Time`
`195`	`195`
	`196`	`+ if p.cursor >= p.l {`
	`197`	`+ return ts, ErrInvalidTimeFormat`
	`198`	`+ }`
	`199`	`+`
`196`	`200`	`if p.buff[p.cursor] == NILVALUE {`
`197`	`201`	`p.cursor++`
`198`	`202`	`return ts, nil`
`@@ -203,7 +207,7 @@ func (p *Parser) parseTimestamp() (time.Time, error) {`
`203`	`207`	`return ts, err`
`204`	`208`	`}`
`205`	`209`
`206`		`- if p.buff[p.cursor] != 'T' {`
	`210`	`+ if p.cursor >= p.l \|\| p.buff[p.cursor] != 'T' {`
`207`	`211`	`return ts, ErrInvalidTimeFormat`
`208`	`212`	`}`
`209`	`213`
`@@ -272,7 +276,7 @@ func parseFullDate(buff []byte, cursor *int, l int) (fullDate, error) {`
`272`	`276`	`return fd, err`
`273`	`277`	`}`
`274`	`278`
`275`		`- if buff[*cursor] != '-' {`
	`279`	`+ if cursor >= l \|\| buff[cursor] != '-' {`
`276`	`280`	`return fd, syslogparser.ErrTimestampUnknownFormat`
`277`	`281`	`}`
`278`	`282`
`@@ -283,7 +287,7 @@ func parseFullDate(buff []byte, cursor *int, l int) (fullDate, error) {`
`283`	`287`	`return fd, err`
`284`	`288`	`}`
`285`	`289`
`286`		`- if buff[*cursor] != '-' {`
	`290`	`+ if cursor >= l \|\| buff[cursor] != '-' {`
`287`	`291`	`return fd, syslogparser.ErrTimestampUnknownFormat`
`288`	`292`	`}`
`289`	`293`
`@@ -371,7 +375,7 @@ func parsePartialTime(buff []byte, cursor *int, l int) (partialTime, error) {`
`371`	`375`	`return pt, err`
`372`	`376`	`}`
`373`	`377`
`374`		`- if buff[*cursor] != ':' {`
	`378`	`+ if cursor >= l \|\| buff[cursor] != ':' {`
`375`	`379`	`return pt, ErrInvalidTimeFormat`
`376`	`380`	`}`
`377`	`381`
`@@ -392,7 +396,7 @@ func parsePartialTime(buff []byte, cursor *int, l int) (partialTime, error) {`
`392`	`396`
`393`	`397`	`// ----`
`394`	`398`
`395`		`- if buff[*cursor] != '.' {`
	`399`	`+ if cursor >= l \|\| buff[cursor] != '.' {`
`396`	`400`	`return pt, nil`
`397`	`401`	`}`
`398`	`402`
`@@ -458,7 +462,7 @@ func parseSecFrac(buff []byte, cursor *int, l int) (float64, error) {`
`458`	`462`	`// TIME-OFFSET = "Z" / TIME-NUMOFFSET`
`459`	`463`	`func parseTimeOffset(buff []byte, cursor int, l int) (time.Location, error) {`
`460`	`464`
`461`		`- if buff[*cursor] == 'Z' {`
	`465`	`+ if cursor >= l \|\| buff[cursor] == 'Z' {`
`462`	`466`	`*cursor++`
`463`	`467`	`return time.UTC, nil`
`464`	`468`	`}`
`@@ -498,7 +502,7 @@ func getHourMinute(buff []byte, cursor *int, l int) (int, int, error) {`
`498`	`502`	`return 0, 0, err`
`499`	`503`	`}`
`500`	`504`
`501`		`- if buff[*cursor] != ':' {`
	`505`	`+ if cursor >= l \|\| buff[cursor] != ':' {`
`502`	`506`	`return 0, 0, ErrInvalidTimeFormat`
`503`	`507`	`}`
`504`	`508`
`@@ -588,8 +592,8 @@ func parseUpToLen(buff []byte, cursor *int, l int, maxLen int, e error) (string,`
`588`	`592`
`589`	`593`	`if found {`
`590`	`594`	`result = string(buff[*cursor:to])`
`591`		`- } else if (to > max) {`
`592`		`- to = max; // don't go past max`
	`595`	`+ } else if to > max {`
	`596`	`+ to = max // don't go past max`
`593`	`597`	`}`
`594`	`598`
`595`	`599`	`*cursor = to`