sysenc: refuse to unmarshal into undersized dst

Unmarshal currently doesn't check that unmarshaling actually consumes to full buffer. This means that looking uint16 from an uint32 value doesn't return an error. Fixes #1157 Signed-off-by: Lorenz Bauer <lmb@isovalent.com>
cilium · Oct 20, 2023 · 741a2e9 · 741a2e9
1 parent 0d47e51
commit 741a2e9
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/internal/sysenc/marshal.go b/internal/sysenc/marshal.go
@@ -99,7 +99,15 @@ func Unmarshal(data interface{}, buf []byte) error {
 
 		rd.Reset(buf)
 
-		return binary.Read(rd, internal.NativeEndian, value)
+		if err := binary.Read(rd, internal.NativeEndian, value); err != nil {
+			return err
+		}
+
+		if rd.Len() != 0 {
+			return fmt.Errorf("unmarshaling %T doesn't consume all data", data)
+		}
+
+		return nil
 	}
 }
 

diff --git a/map_test.go b/map_test.go
@@ -227,6 +227,14 @@ func TestBatchAPIHash(t *testing.T) {
 	}
 }
 
+func TestMapLookupKeyTooSmall(t *testing.T) {
+	m := createArray(t)
+
+	var small uint16
+	qt.Assert(t, m.Put(uint32(0), uint32(1234)), qt.IsNil)
+	qt.Assert(t, m.Lookup(uint32(0), &small), qt.IsNotNil)
+}
+
 func TestBatchAPIMapDelete(t *testing.T) {
 	if err := haveBatchAPI(); err != nil {
 		t.Skipf("batch api not available: %v", err)