From 62c547371fea1f7bfe7b6ace2760a0b4eb575606 Mon Sep 17 00:00:00 2001 From: serxoz Date: Tue, 23 Apr 2024 11:08:44 +0200 Subject: [PATCH] removed naive .unwrap() on a String::from_utf8() that parses data received from the savage internet --- fuzz.py | 21 +++++++++++++++++++++ src/main.rs | 12 +++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 fuzz.py diff --git a/fuzz.py b/fuzz.py new file mode 100644 index 0000000..b32dd42 --- /dev/null +++ b/fuzz.py @@ -0,0 +1,21 @@ +import socket + +# Create a UDP socket +sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + +# Define the target host and port +host = '127.0.0.1' +port = 5060 + +# Create a bytes object +# this data was received from the internet in a test environmet... +data = [92, 46, 55, 124, 39, 30, 83, 52, 15, 99, 55, 66, 17, 90, 48, 115, 29, 51, 57, 19, 64, 111, 10, 87, 32, 108, 66, 36, 51, 11, 9, 15, 5, 64, 12, 44, 95, 95, 97, 110, 66, 24, 48, 83, 114, 97, 70, 16, 20, 127, 35, 84, 110, 45, 43, 15, 25, 110, 51, 76, 121, 60, 91, 127, 125, 103, 43, 92, 175, 183] + +# ascii_chars = [chr(i) for i in data] +# print(''.join(ascii_chars)) + +# Send the bytes to the UDP port +sock.sendto(bytes(data), (host, port)) + +# Close the socket +sock.close() diff --git a/src/main.rs b/src/main.rs index 7890004..8b718c4 100644 --- a/src/main.rs +++ b/src/main.rs @@ -78,7 +78,17 @@ impl Server { } // test type of message received - let msg = String::from_utf8(buf[..size].to_vec()).unwrap(); + let msg: String; + let msg_result = String::from_utf8(buf[..size].to_vec()); + + match msg_result { + Ok(m) => msg = m, + Err(_) => { + msg = "".to_string(); + log::warn!("Error converting message to string"); + } + } + match msg { msg if msg.contains("OPTIONS") => { // esperar - tarpit!