add validation of compact binary payloads before reading them (#483)

* add validation of compact binary payloads before reading them

1 files changed, 42 insertions, 25 deletions

diff --git a/src/zenserver/cache/httpstructuredcache.cpp b/src/zenserver/cache/httpstructuredcache.cpp
index 68f1c602e..08d0b12a7 100644
--- a/src/zenserver/cache/httpstructuredcache.cpp
+++ b/src/zenserver/cache/httpstructuredcache.cpp
@@ -5,6 +5,7 @@
 #include <zencore/compactbinary.h>
 #include <zencore/compactbinarybuilder.h>
 #include <zencore/compactbinarypackage.h>
+#include <zencore/compactbinaryutil.h>
 #include <zencore/compactbinaryvalidation.h>
 #include <zencore/compress.h>
 #include <zencore/enumflags.h>
@@ -842,45 +843,61 @@ HttpStructuredCacheService::HandleGetCacheRecord(HttpServerRequest& Request, con
 		{
 			if (ContentType == ZenContentType::kCbObject)
 			{
-				CbPackage Package;
-				uint32_t  MissingCount = 0;
-
-				CbObjectView CacheRecord(ClientResultValue.Value.Data());
-				CacheRecord.IterateAttachments([this, &MissingCount, &Package, SkipData](CbFieldView AttachmentHash) {
-					if (SkipData)
-					{
-						if (!m_CidStore.ContainsChunk(AttachmentHash.AsHash()))
+				CbPackage		Package;
+				uint32_t		MissingCount  = 0;
+				CbValidateError ValidateError = CbValidateError::None;
+				if (CbObject PackageObject = ValidateAndReadCompactBinaryObject(std::move(ClientResultValue.Value), ValidateError);
+					ValidateError == CbValidateError::None)
+				{
+					CbObjectView CacheRecord(ClientResultValue.Value.Data());
+					CacheRecord.IterateAttachments([this, &MissingCount, &Package, SkipData](CbFieldView AttachmentHash) {
+						if (SkipData)
 						{
-							MissingCount++;
+							if (!m_CidStore.ContainsChunk(AttachmentHash.AsHash()))
+							{
+								MissingCount++;
+							}
 						}
-					}
-					else
-					{
-						if (IoBuffer Chunk = m_CidStore.FindChunkByCid(AttachmentHash.AsHash()))
+						else
 						{
-							CompressedBuffer Compressed = CompressedBuffer::FromCompressedNoValidate(std::move(Chunk));
-							if (Compressed)
+							if (IoBuffer Chunk = m_CidStore.FindChunkByCid(AttachmentHash.AsHash()))
 							{
-								Package.AddAttachment(CbAttachment(Compressed, AttachmentHash.AsHash()));
+								CompressedBuffer Compressed = CompressedBuffer::FromCompressedNoValidate(std::move(Chunk));
+								if (Compressed)
+								{
+									Package.AddAttachment(CbAttachment(Compressed, AttachmentHash.AsHash()));
+								}
+								else
+								{
+									ZEN_WARN("invalid compressed binary returned for {}", AttachmentHash.AsHash());
+									MissingCount++;
+								}
 							}
 							else
 							{
-								ZEN_WARN("invalid compressed binary returned for {}", AttachmentHash.AsHash());
 								MissingCount++;
 							}
 						}
-						else
-						{
-							MissingCount++;
-						}
-					}
-				});
+					});
 
-				Success = MissingCount == 0 || PartialRecord;
+					Success = MissingCount == 0 || PartialRecord;
+				}
+				else
+				{
+					ZEN_WARN("Invalid compact binary payload returned for {}/{}/{} ({}). Reason: '{}'",
+							 Ref.Namespace,
+							 Ref.BucketSegment,
+							 Ref.HashKey,
+							 Ref.ValueContentId,
+							 ToString(ValidateError));
+					Success = false;
+				}
 
 				if (Success)
 				{
-					Package.SetObject(LoadCompactBinaryObject(ClientResultValue.Value));
+					CbObject PackageObject = LoadCompactBinaryObject(std::move(ClientResultValue.Value));
+
+					Package.SetObject(std::move(PackageObject));
 
 					BinaryWriter MemStream;
 					Package.Save(MemStream);