From 423df6c681c226d8b4bff8c909ccd745c3c61c13 Mon Sep 17 00:00:00 2001 From: "Marc J. Schmidt" Date: Thu, 9 Jan 2025 20:00:16 +0100 Subject: [PATCH] fix(bson): throw on invalid string data for invalid buffer is received is it necessary to check buffer size to not endlessly loop to find the end of a string. --- packages/bson/src/bson-parser.ts | 7 +++++-- packages/bson/tests/bson-parser.spec.ts | 19 +++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/packages/bson/src/bson-parser.ts b/packages/bson/src/bson-parser.ts index d73f20f10..40542c04a 100644 --- a/packages/bson/src/bson-parser.ts +++ b/packages/bson/src/bson-parser.ts @@ -279,14 +279,17 @@ export class BaseParser { */ stringSize(): number { let end = this.offset; - while (this.buffer[end] !== 0) end++; + while (this.buffer[end] !== 0 && end < this.size) end++; end++; //null return end - this.offset; } eatObjectPropertyName() { let end = this.offset; - while (this.buffer[end] !== 0) end++; + while (this.buffer[end] !== 0) { + if (end >= this.size) throw new SerializationError('Unexpected end of buffer'); + end++; + } const s = decodeUTF8(this.buffer, this.offset, end); this.offset = end + 1; return s; diff --git a/packages/bson/tests/bson-parser.spec.ts b/packages/bson/tests/bson-parser.spec.ts index 766e1168e..f9fa39441 100644 --- a/packages/bson/tests/bson-parser.spec.ts +++ b/packages/bson/tests/bson-parser.spec.ts @@ -4,6 +4,8 @@ import { deserializeBSON, getBSONDeserializer } from '../src/bson-deserializer.j import { BinaryBigInt, copyAndSetParent, MongoId, nodeBufferToArrayBuffer, PrimaryKey, Reference, ReflectionKind, SignedBinaryBigInt, TypeObjectLiteral, typeOf, uuid, UUID } from '@deepkit/type'; import { getClassName } from '@deepkit/core'; import { serializeBSONWithoutOptimiser } from '../src/bson-serializer.js'; +import { BSONType } from '../src/utils'; +import { deserializeBSONWithoutOptimiser } from '../src/bson-parser'; const { deserialize, serialize } = bson; @@ -754,3 +756,20 @@ test('additional are ignored', () => { const back = fn(bson); expect(back).toEqual({ismaster: true}); }); + +test('invalid buffer, string parse', () => { + const buffer = Buffer.from([ + 28, 0, 0, 0, //size + BSONType.BINARY, //just some type + 112, 111, 115, 105, 116, 105, 111, 110, // 0, /'/position\n' without ending + // to simulate a buffer that is not correctly serialized + ]); + + expect(() => deserializeBSONWithoutOptimiser(buffer)).toThrow('Unexpected end of buffer'); + + const deserialize = getBSONDeserializer<{ position: Uint8Array }>(); + expect(() => deserialize(buffer)).toThrow('Cannot convert undefined value to Uint8Array'); + + const deserialize2 = getBSONDeserializer<{ [name: string]: Uint8Array }>(); + expect(() => deserialize2(buffer)).toThrow('Serialization failed. Unexpected end of buffer'); +});