add validation of compact binary payloads before reading them (#483)

* add validation of compact binary payloads before reading them
author: Dan Engelbrecht <[email protected]> 2025-09-04 13:17:25 +0200
committer: GitHub Enterprise <[email protected]> 2025-09-04 13:17:25 +0200
commit: 9f575bd416e1f7afbd11d4b221074f34bb89605c (patch)
tree: 07c87ccdbc01cdaf13015f46dddfaa71fa791d5b /src/zenhttp/packageformat.cpp
parent: oplog memory usage reduction (#482) (diff)
download: zen-9f575bd416e1f7afbd11d4b221074f34bb89605c.tar.xz
zen-9f575bd416e1f7afbd11d4b221074f34bb89605c.zip
1 files changed, 42 insertions, 5 deletions
diff --git a/src/zenhttp/packageformat.cpp b/src/zenhttp/packageformat.cpp
index 0b7848f79..f622b93ea 100644
--- a/src/zenhttp/packageformat.cpp
+++ b/src/zenhttp/packageformat.cpp
@@ -4,6 +4,7 @@
 
 #include <zencore/compactbinarybuilder.h>
 #include <zencore/compactbinarypackage.h>
+#include <zencore/compactbinaryutil.h>
 #include <zencore/compositebuffer.h>
 #include <zencore/filesystem.h>
 #include <zencore/fmtutils.h>
@@ -499,6 +500,8 @@ ParsePackageMessage(IoBuffer Payload, std::function<IoBuffer(const IoHash&, uint
 		{
 			if (Entry.Flags & CbAttachmentEntry::kIsObject)
 			{
+				CbObject AttachmentObject;
+
 				CompressedBuffer CompBuf(CompressedBuffer::FromCompressedNoValidate(IoBuffer(AttachmentBuffer)));
 				if (!CompBuf)
 				{
@@ -509,7 +512,18 @@ ParsePackageMessage(IoBuffer Payload, std::function<IoBuffer(const IoHash&, uint
 												   AttachmentBuffer.GetSize(),
 												   Entry.AttachmentHash)));
 				}
-				CbObject AttachmentObject = LoadCompactBinaryObject(std::move(CompBuf));
+				else
+				{
+					CbValidateError ValidationError = CbValidateError::None;
+					AttachmentObject				= ValidateAndReadCompactBinaryObject(std::move(CompBuf), ValidationError);
+					if (ValidationError != CbValidateError::None)
+					{
+						MalformedAttachments.push_back(std::make_pair(
+							i,
+							fmt::format("Invalid format, CbObject for {}. Reason '{}'", Entry.AttachmentHash, ToString(ValidationError))));
+					}
+				}
+
 				if (i == 0)
 				{
 					// First payload is always a compact binary object
@@ -541,7 +555,15 @@ ParsePackageMessage(IoBuffer Payload, std::function<IoBuffer(const IoHash&, uint
 		{
 			if (Entry.Flags & CbAttachmentEntry::kIsObject)
 			{
-				CbObject AttachmentObject = LoadCompactBinaryObject(AttachmentBuffer);
+				CbValidateError ValidationError	 = CbValidateError::None;
+				CbObject		AttachmentObject = ValidateAndReadCompactBinaryObject(std::move(AttachmentBuffer), ValidationError);
+				if (ValidationError != CbValidateError::None)
+				{
+					MalformedAttachments.push_back(std::make_pair(
+						i,
+						fmt::format("Invalid format, CbObject for {}. Reason '{}'", Entry.AttachmentHash, ToString(ValidationError))));
+				}
+
 				if (i == 0)
 				{
 					Package.SetObject(AttachmentObject);
@@ -709,7 +731,12 @@ CbPackageReader::Finalize()
 			{
 				if (Entry.Flags & CbAttachmentEntry::kIsLocalRef)
 				{
-					m_RootObject = LoadCompactBinaryObject(MarshalLocalChunkReference(AttachmentBuffer));
+					CbValidateError ValidateError = CbValidateError::None;
+					m_RootObject = ValidateAndReadCompactBinaryObject(MarshalLocalChunkReference(AttachmentBuffer), ValidateError);
+					if (ValidateError != CbValidateError::None)
+					{
+						throw std::runtime_error(fmt::format("Root object format is invalid, reason: '{}'", ToString(ValidateError)));
+					}
 				}
 				else if (Entry.Flags & CbAttachmentEntry::kIsCompressed)
 				{
@@ -718,12 +745,22 @@ CbPackageReader::Finalize()
 					CompressedBuffer Compressed = CompressedBuffer::FromCompressed(SharedBuffer(AttachmentBuffer), RawHash, RawSize);
 					if (RawHash == Entry.AttachmentHash)
 					{
-						m_RootObject = LoadCompactBinaryObject(Compressed);
+						CbValidateError ValidateError = CbValidateError::None;
+						m_RootObject				  = ValidateAndReadCompactBinaryObject(std::move(Compressed), ValidateError);
+						if (ValidateError != CbValidateError::None)
+						{
+							throw std::runtime_error(fmt::format("Root object format is invalid, reason: '{}'", ToString(ValidateError)));
+						}
 					}
 				}
 				else
 				{
-					m_RootObject = LoadCompactBinaryObject(std::move(AttachmentBuffer));
+					CbValidateError ValidateError = CbValidateError::None;
+					m_RootObject				  = ValidateAndReadCompactBinaryObject(std::move(AttachmentBuffer), ValidateError);
+					if (ValidateError != CbValidateError::None)
+					{
+						throw std::runtime_error(fmt::format("Root object format is invalid, reason: '{}'", ToString(ValidateError)));
+					}
 				}
 			}
 			else
author	Dan Engelbrecht <[email protected]>	2025-09-04 13:17:25 +0200
committer	GitHub Enterprise <[email protected]>	2025-09-04 13:17:25 +0200
commit	9f575bd416e1f7afbd11d4b221074f34bb89605c (patch)
tree	07c87ccdbc01cdaf13015f46dddfaa71fa791d5b /src/zenhttp/packageformat.cpp
parent	oplog memory usage reduction (#482) (diff)
download	zen-9f575bd416e1f7afbd11d4b221074f34bb89605c.tar.xz zen-9f575bd416e1f7afbd11d4b221074f34bb89605c.zip