[redis_proxy] added a constraint for route.prefix().size()#12637
Merged
mattklein123 merged 14 commits intoenvoyproxy:masterfrom Aug 14, 2020
Merged
[redis_proxy] added a constraint for route.prefix().size()#12637mattklein123 merged 14 commits intoenvoyproxy:masterfrom
mattklein123 merged 14 commits intoenvoyproxy:masterfrom
Conversation
trie. Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
Signed-off-by: jianwen <jianwendong@google.com>
| : nullptr) { | ||
|
|
||
| for (auto const& route : config.routes()) { | ||
| if(route.prefix().size() > 1000){ |
Member
There was a problem hiding this comment.
Can't this be a PGV annotation?
Contributor
Author
There was a problem hiding this comment.
Can't this be a PGV annotation?
Oh I can make it part of PGV. Do you think 1000 is ok?
Signed-off-by: jianwen <jianwendong@google.com>
mpuncel
added a commit
to mpuncel/envoy
that referenced
this pull request
Aug 14, 2020
* master: (67 commits) logger: support log control in admin interface and command line option for Fancy Logger (envoyproxy#12369) test: fix http_timeout_integration_test flake (envoyproxy#12654) [fuzz]added an input check in writefilter fuzzer and added test cases (envoyproxy#12628) add 'explicit' restriction. (envoyproxy#12643) scoped_rds_integration_test migrate from api v2 to api v3. (envoyproxy#12633) fuzz: added fuzz test for listener filter tls_inspector (envoyproxy#12617) testing: fix multiple race conditions in simulated time tests (envoyproxy#12527) [tls] Move handshaking behavior into SslSocketInfo. (envoyproxy#12571) header: getting rid of exception-throwing behaviors in header files [the rest] (envoyproxy#12611) router: add new ratelimited retry backoff strategy (envoyproxy#12202) [redis_proxy] added a constraint for route.prefix().size() (envoyproxy#12637) network: add tcp listener backlog config (envoyproxy#12625) runtime: debug log that condition is always true when fractionalPercent numerator > denominator (envoyproxy#12068) WatchDog Extension hook (envoyproxy#12416) router: add dynamic metadata header formatter (envoyproxy#11858) statsd: revert visibility to public (envoyproxy#12621) Fix regression of /build_* in gitignore (envoyproxy#12630) Added a missing extension point to documentation. (envoyproxy#12620) Reverts proxy protocol test on windows (envoyproxy#12619) caching: Improved the tests and coverage of the CacheFilter tree (envoyproxy#12544) ... Signed-off-by: Michael Puncel <mpuncel@squareup.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Additional Description:
In
TrieLookupTablethe default destructor will use call-stack to recursively find all unique_ptr and reset them. If the string added to Trie is very long, for example, with 40000 characters, the Trie will have a depth of 40000 and call-stack will encounter stack-overflow.Added a constraint length<=1000 for route.prefix().size().
Risk Level: low
Passed a crashed test case reported by network_readfilter_fuzz_test.
[Optional Fixes #Issue] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24558&sort=-opened&can=1&q=proj%3Aenvoy%20status%3DNew
/cc @mattklein123
/cc @asraa
/cc @samkerner