From 8834c720e7ad0e49ffa5a9d11bef4113e1e66baf Mon Sep 17 00:00:00 2001
From: Dan Engelbrecht <dan.engelbrecht@epicgames.com>
Date: Wed, 16 Oct 2024 10:26:11 +0200
Subject: validate compact binary rpc requests before trying to parse them
 (#200)

---
 src/zenstore/cache/cacherpc.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'src/zenstore/cache/cacherpc.cpp')

diff --git a/src/zenstore/cache/cacherpc.cpp b/src/zenstore/cache/cacherpc.cpp
index ec045af2f..2a7721fe2 100644
--- a/src/zenstore/cache/cacherpc.cpp
+++ b/src/zenstore/cache/cacherpc.cpp
@@ -174,11 +174,17 @@ CacheRpcHandler::HandleRpcRequest(const CacheRequestContext& Context,
 	{
 		if (ContentType == ZenContentType::kCbObject)
 		{
+			if (CbValidateError Error = ValidateCompactBinary(Body.GetView(), CbValidateMode::Default); Error != CbValidateError::None)
+			{
+				ZEN_WARN("Content format is corrupt, compact binary format validation failed. Reason: '{}'", ToString(Error));
+				return RpcResponseCode::BadRequest;
+			}
+
 			ObjectBuffer = LoadCompactBinaryObject(std::move(Body));
 			Object		 = ObjectBuffer;
 			if (!Object)
 			{
-				ZEN_WARN("Content format not supported, expected compact binary format")
+				ZEN_WARN("Content format not supported, expected compact binary format");
 				return RpcResponseCode::BadRequest;
 			}
 		}
@@ -202,6 +208,9 @@ CacheRpcHandler::HandleRpcRequest(const CacheRequestContext& Context,
 			{
 				if (UriNamespace != ParamsNamespace)
 				{
+					ZEN_WARN("Rpc message namespace mismatch, request rejected. Expected '{}', received '{}'",
+							 UriNamespace,
+							 ParamsNamespace.value());
 					return RpcResponseCode::BadRequest;
 				}
 			}
-- 
cgit v1.2.3