From 629c6f4b5e00a9ebc13fc87160361154211b6ed4 Mon Sep 17 00:00:00 2001
From: Scala Steward <43047562+scala-steward@users.noreply.github.com>
Date: Wed, 12 Jul 2023 16:58:15 +0200
Subject: [PATCH 1/5] Update sbt to 1.9.2 (#746)
---
 project/build.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/project/build.properties b/project/build.properties
index ffd11bcc..7a2f2cd1 100755
--- a/project/build.properties
+++ b/project/build.properties
@@ -1,2 +1,2 @@
-sbt.version=1.9.1
+sbt.version=1.9.2
From 596b6faea3053c77099b2c02470f8d73ca8cb0c1 Mon Sep 17 00:00:00 2001
From: Scala Steward <43047562+scala-steward@users.noreply.github.com>
Date: Wed, 12 Jul 2023 16:58:24 +0200
Subject: [PATCH 2/5] Update airframe-json, airspec to 23.7.1 (#744)
---
 build.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index ca8f9cf6..c3b3e1ce 100644
--- a/build.sbt
+++ b/build.sbt
@@ -5,7 +5,7 @@ Global / concurrentRestrictions := Seq(
 Tags.limit(Tags.Test, 1)
 )
-val AIRFRAME_VERSION = "23.5.7"
+val AIRFRAME_VERSION = "23.7.1"
 // Use dynamic snapshot version strings for non tagged versions
 ThisBuild / dynverSonatypeSnapshots := true
From b3f5e806581ee7208e54cb8db328fe066ebdd927 Mon Sep 17 00:00:00 2001
From: Scala Steward <43047562+scala-steward@users.noreply.github.com>
Date: Mon, 17 Jul 2023 19:14:57 +0200
Subject: [PATCH 3/5] Update airframe-json, airspec to 23.7.2 (#748)
---
 build.sbt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build.sbt b/build.sbt
index c3b3e1ce..58aee857 100644
--- a/build.sbt
+++ b/build.sbt
@@ -5,7 +5,7 @@ Global / concurrentRestrictions := Seq(
 Tags.limit(Tags.Test, 1)
 )
-val AIRFRAME_VERSION = "23.7.1"
+val AIRFRAME_VERSION = "23.7.2"
 // Use dynamic snapshot version strings for non tagged versions
 ThisBuild / dynverSonatypeSnapshots := true
From 2465fd311a6905be459975664e5ca123d921d089 Mon Sep 17 00:00:00 2001
From: Scala Steward <43047562+scala-steward@users.noreply.github.com>
Date: Tue, 25 Jul 2023 00:17:58 +0200
Subject: [PATCH 4/5] Update sbt to 1.9.3 (#750)
---
 project/build.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/project/build.properties b/project/build.properties
index 7a2f2cd1..91550e82 100755
--- a/project/build.properties
+++ b/project/build.properties
@@ -1,2 +1,2 @@
-sbt.version=1.9.2
+sbt.version=1.9.3
From 3085cc16dabbd13bedcb7d8820af255b606c1470 Mon Sep 17 00:00:00 2001
From: "Taro L. Saito"
Date: Mon, 31 Jul 2023 10:08:18 -0700
Subject: [PATCH 5/5] core (fix): Fix MessageUnpacker.unpackValue to check the custom stringSizeLimit (#753)
* core (fix): Fix MessageUnpacker.unpackValue to check the custom stringSizeLimit
* Cover unpackVariable(var)
---
 .../org/msgpack/core/MessageUnpacker.java | 6 +++
 .../org/msgpack/core/StringLimitTest.scala | 37 +++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 msgpack-core/src/test/scala/org/msgpack/core/StringLimitTest.scala
diff --git a/msgpack-core/src/main/java/org/msgpack/core/MessageUnpacker.java b/msgpack-core/src/main/java/org/msgpack/core/MessageUnpacker.java
index ff638b74..8da8d794 100644
--- a/msgpack-core/src/main/java/org/msgpack/core/MessageUnpacker.java
+++ b/msgpack-core/src/main/java/org/msgpack/core/MessageUnpacker.java
@@ -624,6 +624,9 @@ public ImmutableValue unpackValue()
 return ValueFactory.newFloat(unpackDouble());
 case STRING: {
 int length = unpackRawStringHeader();
+ if (length > stringSizeLimit) {
+ throw new MessageSizeException(String.format("cannot unpack a String of size larger than %,d: %,d", stringSizeLimit, length), length);
+ }
 return ValueFactory.newString(readPayload(length), true);
 }
 case BINARY: {
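Review bot: The size guard added to the STRING case of `unpackValue()` is a verbatim copy of the one the next hunk adds to `unpackValue(Variable)`, and the bug being fixed is exactly a read path that never received its copy, so the check belongs in one private helper called right after `unpackRawStringHeader()`. The length comes from the input's own header, so any later path that reaches `readPayload(length)` without the guard would again accept a sender-declared size unchecked. Both STRING cases sit inside switch statements that start and end outside the hunks. The BINARY case opening on the hunk's last line is not shown; it is worth confirming whether its payload length is bounded anywhere, since `stringSizeLimit` by name covers strings only.

```java
// New private helper next to the unpackValue() overloads
private void checkStringSizeLimit(int length)
{
    if (length > stringSizeLimit) {
        throw new MessageSizeException(String.format("cannot unpack a String of size larger than %,d: %,d", stringSizeLimit, length), length);
    }
}

// … unchanged: switch in unpackValue() up to and including `case STRING: {` …
    int length = unpackRawStringHeader();
    checkStringSizeLimit(length); // replaces the inline if/throw; same call in unpackValue(Variable)
// … unchanged: readPayload(length) and the remaining cases …
```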
@@ -689,6 +692,9 @@ public Variable unpackValue(Variable var)
 return var;
 case STRING: {
 int length = unpackRawStringHeader();
+ if (length > stringSizeLimit) {
+ throw new MessageSizeException(String.format("cannot unpack a String of size larger than %,d: %,d", stringSizeLimit, length), length);
+ }
 var.setStringValue(readPayload(length));
 return var;
 }
diff --git a/msgpack-core/src/test/scala/org/msgpack/core/StringLimitTest.scala b/msgpack-core/src/test/scala/org/msgpack/core/StringLimitTest.scala
new file mode 100644
index 00000000..96319a7f
--- /dev/null
+++ b/msgpack-core/src/test/scala/org/msgpack/core/StringLimitTest.scala
@@ -0,0 +1,37 @@
+package org.msgpack.core
+
+import org.msgpack.core.MessagePack.UnpackerConfig
+import org.msgpack.value.Variable
+import wvlet.airspec.AirSpec
+
+class StringLimitTest extends AirSpec {
+
+ test("throws an exception when the string size exceeds a limit") {
+ val customLimit = 100
+ val packer = MessagePack.newDefaultBufferPacker()
+ packer.packString("a" * (customLimit + 1))
+ val msgpack = packer.toByteArray
+
+ test("unpackString") {
+ val unpacker = new UnpackerConfig().withStringSizeLimit(customLimit).newUnpacker(msgpack)
+ intercept[MessageSizeException] {
+ unpacker.unpackString()
+ }
+ }
+
+ test("unpackValue") {
+ val unpacker = new UnpackerConfig().withStringSizeLimit(customLimit).newUnpacker(msgpack)
+ intercept[MessageSizeException] {
+ unpacker.unpackValue()
+ }
+ }
+
+ test("unpackValue(var)") {
+ val unpacker = new UnpackerConfig().withStringSizeLimit(customLimit).newUnpacker(msgpack)
+ intercept[MessageSizeException] {
+ val v = new Variable()
+ unpacker.unpackValue(v)
+ }
+ }
+ }
+}
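Review bot: All three sub-tests feed a string one character over the limit, so nothing pins the accepting side of the boundary, and a guard written as `>=` instead of `>` would still pass this file. A companion case that packs `"a" * customLimit` and asserts that `unpackString()`, `unpackValue()` and `unpackValue(v)` each return it without throwing would fix the comparison in place. The oversized string is also only tested at the top level; presumably `unpackValue()` reaches the same STRING case for array and map elements, but a sub-test that writes `packer.packArrayHeader(1)` before the oversized string would confirm the limit holds for nested values too.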