You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
case 5:
ipDollar=ipS[ippt-3 : ippt+1]
//line ip.y:54
{
mask:=net.CIDRMask(int(ipDollar[3].num), 32) // mask == nil if original mask is invalidmin:=ipDollar[1].addrRange.Min.Mask(mask) // min == nil in this case toomaxInt:=binary.BigEndian.Uint32([]byte(min)) +0xffffffff-binary.BigEndian.Uint32([]byte(mask)) // nil passed to Uint32 causes a panic maxBytes:=make([]byte, 4)
Passing a nil or short byte[] to `Uint32 results in a panic. The bounds check hint which causes the panic can be seen here:
func (bigEndian) Uint32(b []byte) uint32 {
_=b[3] // bounds check hint to compiler; see golang.org/issue/14808returnuint32(b[3]) |uint32(b[2])<<8|uint32(b[1])<<16|uint32(b[0])<<24
}
Solution
I am not very familiar with the codebase so these might be way off.
Quick: Check mask' and minvalues in [y.go#L502](https://github.com/malfunkt/iprange/blob/master/y.go#L502) before passing it toUint32`
Not quick but IMO better solution: Check input for validity before passing it down. For example check if mask value is valid (16-30 if I am not mistaken).
The text was updated successfully, but these errors were encountered:
This minimal example for
10.0.0.0/40
results in a panic:
With an invalid mask, the
mask
variable coming fromnet.CIDRMask
at https://github.com/malfunkt/iprange/blob/master/y.go#L502 isnil
:Passing a
nil
or shortbyte[]
to `Uint32 results in a panic. The bounds check hint which causes the panic can be seen here:Solution
I am not very familiar with the codebase so these might be way off.
mask' and
minvalues in [y.go#L502](https://github.com/malfunkt/iprange/blob/master/y.go#L502) before passing it to
Uint32`The text was updated successfully, but these errors were encountered: