fix: bound null-terminated string read to packet end#4161

Merged
wellwelwel merged 1 commit intosidorares:masterfrom
wellwelwel:bound
Mar 8, 2026

Conversation

wellwelwel (Collaborator) commented Mar 8, 2026

Previously, the null byte scan could read beyond the current packet into adjacent data in the same backing Buffer. readNullTerminatedString now stops at the logical packet boundary.

Credits: The fix used was totally made by @peaktwilight:

while (end < this.end && this.buffer[end] !== 0x00) {
  end = end + 1;
}
  • My work here was basically confirming the bug and creating tests to reproduce the behaviors and cover it.
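A self-contained reproduction of the boundary issue, as an added example rather than mysql2's own code: the Packet class, its fields and the unbounded variant are constructed for illustration, and only the `while` condition in readNullTerminatedString is the check from this PR.

```javascript
// Added example (not mysql2's own code): a minimal packet reader over one
// shared backing Buffer, with the unbounded null-byte scan beside the fix.
class Packet {
  // start/end are the logical packet boundaries inside the shared buffer.
  constructor(buffer, start, end) {
    this.buffer = buffer;
    this.start = start;
    this.end = end;
    this.offset = start;
  }

  // Illustrative pre-fix behaviour: scans for 0x00 without checking
  // this.end, so a packet without a terminator runs into the next packet.
  readNullTerminatedStringUnbounded(encoding = 'utf8') {
    let end = this.offset;
    while (end < this.buffer.length && this.buffer[end] !== 0x00) {
      end = end + 1;
    }
    const s = this.buffer.toString(encoding, this.offset, end);
    this.offset = end + 1;
    return s;
  }

  // The check from this PR: the scan stops at the logical packet boundary.
  readNullTerminatedString(encoding = 'utf8') {
    let end = this.offset;
    while (end < this.end && this.buffer[end] !== 0x00) {
      end = end + 1;
    }
    const s = this.buffer.toString(encoding, this.offset, end);
    this.offset = Math.min(end + 1, this.end);
    return s;
  }
}

// Constructed input: two packets back to back in one Buffer. Packet 1 holds
// "abc" with no null terminator; packet 2 (bytes 3..9) holds "secret\0".
const shared = Buffer.concat([Buffer.from('abc'), Buffer.from('secret\0')]);

function readPacket1Unbounded() {
  return new Packet(shared, 0, 3).readNullTerminatedStringUnbounded();
}

function readPacket1Bounded() {
  return new Packet(shared, 0, 3).readNullTerminatedString();
}

console.log(JSON.stringify(readPacket1Unbounded())); // "abcsecret": leaked packet 2
console.log(JSON.stringify(readPacket1Bounded()));   // "abc"
```

Reading packet 2 through the bounded method still returns "secret", so the fix only removes the overrun and does not change parsing of well-formed packets.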

codecov bot commented Mar 8, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.41%. Comparing base (7c2ae00) to head (ffb6373).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #4161   +/-   ##
=======================================
  Coverage   90.41%   90.41%           
=======================================
  Files          86       86           
  Lines       13977    13977           
  Branches     1728     1728           
=======================================
  Hits        12638    12638           
  Misses       1339     1339           
Flag Coverage Δ
compression-0 89.66% <100.00%> (ø)
compression-1 90.39% <100.00%> (ø)
static-parser-0 88.05% <100.00%> (ø)
static-parser-1 88.80% <100.00%> (ø)
tls-0 89.84% <100.00%> (ø)
tls-1 90.19% <100.00%> (ø)


@wellwelwel wellwelwel marked this pull request as ready for review March 8, 2026 19:25
@wellwelwel wellwelwel merged commit 91c5229 into sidorares:master Mar 8, 2026
88 checks passed
@wellwelwel wellwelwel deleted the bound branch March 8, 2026 19:27
peaktwilight commented

Thanks for your work!

wellwelwel (Collaborator, Author) commented Mar 8, 2026

> Thanks for your work!

Thanks too, @peaktwilight!

"Finding 1" has some more complex concepts to consider when fixing, such as multiple ways to approach corrections, including avoiding breaking changes. I'll think about this a little more calmly before submitting a PR 🙋🏻‍♂️

Note

Both this and #4159 fixes are already available in the canary version, and you can see the credits in #4160 🤝

peaktwilight commented

Awesome thanks so much and lmk if I can help with that one too. Also is it worth doing an advisory for this or not? Tbh not sure :D

wellwelwel (Collaborator, Author) commented

> Awesome thanks so much and lmk if I can help with that one too. Also is it worth doing an advisory for this or not? Tbh not sure :D

I do believe it is valid (all tests prove the points). Just if possible, wait for #4160 to be merged, submitting the complete report already including the fixes 🤝

peaktwilight commented

Yup will do for sure, I'll also wait on the release to be out to be safe before publishing any kind of writeup. Gn!
