Skip to content

Commit

Permalink
Add additional checks in chunking functionality
Browse files Browse the repository at this point in the history
  • Loading branch information
@dhurley
dhurley committed May 9, 2024
1 parent 5b6336d commit 6c8d2a2
Show file tree
Hide file tree
Showing 5 changed files with 97 additions and 4 deletions.
25 changes: 24 additions & 1 deletion sdk/checksum/checksum.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ package checksum
import (
"crypto/sha256"
"fmt"
"math"

log "github.com/sirupsen/logrus"
)

// Checksum - calculate checksum from []byte
Expand All @@ -26,13 +29,33 @@ func HexChecksum(b []byte) string {
// Chunk - split bytes to chunk limits
func Chunk(buf []byte, lim int) [][]byte {
var chunk []byte
chunks := make([][]byte, 0, len(buf)/lim+1)
bufSize := len(buf)

if bufSize == 0 {
return [][]byte{}
}

if bufSize <= lim {
return [][]byte{buf}
}

chuckSize := bufSize / lim

if chuckSize > math.MaxInt64-1 {
log.Error("Unable to chuck payload. Data too large.")
return [][]byte{}
}

chunks := make([][]byte, 0, chuckSize+1)

Check failure

Code scanning / CodeQL

Size computation for allocation may overflow High

This operation, which is used in an
allocation
Loading
, involves a
potentially large value
Loading
and might overflow.
This operation, which is used in an
allocation
Loading
, involves a
potentially large value
Loading
and might overflow.

for len(buf) >= lim {
chunk, buf = buf[:lim], buf[lim:]
chunks = append(chunks, chunk)
}

if len(buf) > 0 {
chunks = append(chunks, buf[:])
}

return chunks
}
1 change: 1 addition & 0 deletions sdk/checksum/checksum_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -87,6 +87,7 @@ func TestHexChunk(t *testing.T) {
expected: [][]byte{},
},
}

for _, test := range tests {
result := Chunk(test.input, test.limit)
assert.Equal(t, test.expected, result)
Expand Down
25 changes: 24 additions & 1 deletion test/integration/vendor/github.com/nginx/agent/sdk/v2/checksum/checksum.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 24 additions & 1 deletion test/performance/vendor/github.com/nginx/agent/sdk/v2/checksum/checksum.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

25 changes: 24 additions & 1 deletion vendor/github.com/nginx/agent/sdk/v2/checksum/checksum.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 6c8d2a2

Please sign in to comment.