github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

security: resolve incorrect type conversions

pull/21251/head
dduzgun-security 2024-06-04 00:26:33 -04:00
parent 4edf369313
commit 107516c971
No known key found for this signature in database
GPG Key ID: 6C3D93CAE50C7EC9
4 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
agent/consul/leader_registrator_v2.go
View File

@ -175,6 +175,10 @@ func (r V2ConsulRegistrator) createWorkloadFromMember(member serf.Member, parts
workloadMeta["grpc_tls_port"] = strconv.Itoa(parts.ExternalGRPCTLSPort)
}
if parts.Port < 0 || parts.Port > 65535 {
return nil, fmt.Errorf("invalid port: %d", parts.Port)
}
workload := &pbcatalog.Workload{
Addresses: []*pbcatalog.WorkloadAddress{
{Host: member.Addr.String(), Ports: []string{consulPortNameServer}},

17
agent/xds/response/response.go
View File

@ -53,16 +53,19 @@ func MakePipeAddress(path string, mode uint32) *envoy_core_v3.Address {
}
func MakeAddress(ip string, port int) *envoy_core_v3.Address {
return &envoy_core_v3.Address{
Address: &envoy_core_v3.Address_SocketAddress{
SocketAddress: &envoy_core_v3.SocketAddress{
Address: ip,
PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
PortValue: uint32(port),
if port >= 0 && port <= 65535 {
return &envoy_core_v3.Address{
Address: &envoy_core_v3.Address_SocketAddress{
SocketAddress: &envoy_core_v3.SocketAddress{
Address: ip,
PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{
PortValue: uint32(port),
},
},
},
},
}
}
return nil
}
func MakeUint32Value(n int) *wrapperspb.UInt32Value {

6
agent/xds/testing.go
View File

@ -125,15 +125,15 @@ func stringToEnvoyVersion(vs string) (*envoy_type_v3.SemanticVersion, bool) {
return nil, false
}
major, err := strconv.Atoi(parts[0])
major, err := strconv.ParseUint(parts[0], 10, 32)
if err != nil {
return nil, false
}
minor, err := strconv.Atoi(parts[1])
minor, err := strconv.ParseUint(parts[1], 10, 32)
if err != nil {
return nil, false
}
patch, err := strconv.Atoi(parts[2])
patch, err := strconv.ParseUint(parts[2], 10, 32)
if err != nil {
return nil, false
}

7
api/api.go
View File

@ -10,6 +10,7 @@ import (
"encoding/json"
"fmt"
"io"
"math"
"net"
"net/http"
"net/url"
@ -1181,6 +1182,9 @@ func parseQueryMeta(resp *http.Response, q *QueryMeta) error {
if err != nil {
return fmt.Errorf("Failed to parse X-Consul-LastContact: %v", err)
}
if last > math.MaxInt64 {
return fmt.Errorf("X-Consul-LastContact Header value is out of range: %d", last)
}
q.LastContact = time.Duration(last) * time.Millisecond
// Parse the X-Consul-KnownLeader
@ -1222,6 +1226,9 @@ func parseQueryMeta(resp *http.Response, q *QueryMeta) error {
if err != nil {
return fmt.Errorf("Failed to parse Age Header: %v", err)
}
if age > math.MaxInt64 {
return fmt.Errorf("Age Header value is out of range: %d", last)
}
q.CacheAge = time.Duration(age) * time.Second
}