cbor_py icon indicating copy to clipboard operation
cbor_py copied to clipboard

Published 20 hours ago verified publisher icon brianolson

Truncated byte string inside Tag 24 does not raise exception

Open becarpenter opened this issue 7 years ago • 2 comments

If cbor.loads() encounters a Tag 24 (CBOR-in-CBOR) item whose byte string is accidentally truncated, it does not throw an exception; it simply returns a truncated result. Here's an example. The statement 'cbor.loads(raw2)' should raise an exception, because the Tag 24 length indicates 233 (0xe9) bytes but there are fewer than that. (Carsten Bormann confirms that the Ruby code does raise EOFError in this case.)

import cbor raw1=bytes.fromhex('d81858e95900e686782650545220202a205a65726f636f6e662e5f687474702e5f7463702e646e732d73642e6f72672e82781853525620302030203830207a65726f636f6e662e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d31222022706174683d2f22782b50545220202a204d756c74696361737420444e532e5f687474702e5f7463702e646e732d73642e6f72672e82781c53525620302030203830206d756c746963617374646e732e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d31222022706174683d2f22') cbor.loads(raw1) Tag(24, b'Y\x00\xe6\x86x&PTR * Zeroconf._http._tcp.dns-sd.org.\x82x\x18SRV 0 0 80 zeroconf.org.pA 50.197.138.101x\x18TXT "txtvers=1" "path=/"x+PTR * Multicast DNS._http._tcp.dns-sd.org.\x82x\x1cSRV 0 0 80 multicastdns.org.pA 50.197.138.101x\x18TXT "txtvers=1" "path=/"') raw2=bytes.fromhex('d81858e95900e686782650545220202a205a65726f636f6e662e5f687474702e5f7463702e646e732d73642e6f72672e82781853525620302030203830207a65726f636f6e662e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d31222022706174683d2f22782b50545220202a204d756c74696361737420444e532e5f687474702e5f7463702e646e732d73642e6f72672e82781c53525620302030203830206d756c746963617374646e732e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d312220') cbor.loads(raw2) Tag(24, b'Y\x00\xe6\x86x&PTR * Zeroconf._http._tcp.dns-sd.org.\x82x\x18SRV 0 0 80 zeroconf.org.pA 50.197.138.101x\x18TXT "txtvers=1" "path=/"x+PTR * Multicast DNS._http._tcp.dns-sd.org.\x82x\x1cSRV 0 0 80 multicastdns.org.pA 50.197.138.101x\x18TXT "txtvers=1" ') len(raw1) 237 len(raw2) 229 0xe9 233

becarpenter avatar Aug 20 '17 20:08 becarpenter

BTW that was Python 3. If you prefer Python 2 see below. And it's the same on Windows or Linux. import cbor import binascii raw1=binascii.a2b_hex('d81858e95900e686782650545220202a205a65726f636f6e662e5f687474702e5f7463702e646e732d73642e6f72672e82781853525620302030203830207a65726f636f6e662e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d31222022706174683d2f22782b50545220202a204d756c74696361737420444e532e5f687474702e5f7463702e646e732d73642e6f72672e82781c53525620302030203830206d756c746963617374646e732e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d31222022706174683d2f22') print cbor.loads(raw1)

raw2=binascii.a2b_hex('d81858e95900e686782650545220202a205a65726f636f6e662e5f687474702e5f7463702e646e732d73642e6f72672e82781853525620302030203830207a65726f636f6e662e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d31222022706174683d2f22782b50545220202a204d756c74696361737420444e532e5f687474702e5f7463702e646e732d73642e6f72672e82781c53525620302030203830206d756c746963617374646e732e6f72672e70412035302e3139372e3133382e31303178185458542022747874766572733d312220') print cbor.loads(raw2) ## should fail but doesn't

print len(raw1),len(raw2),0xe9 ##outputs: 237, 229, 233

becarpenter avatar Aug 21 '17 01:08 becarpenter

Very likely this is caused by issue #1

becarpenter avatar Aug 21 '17 23:08 becarpenter