PYTHON-4323 Add regression test for out-of-bounds read when decoding …

…invalid bson (#1693) (cherry picked from commit 77087dd)
mongodb · Jun 20, 2024 · e8fce40 · e8fce40
1 parent 255d190
commit e8fce40
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/test/test_bson.py b/test/test_bson.py
@@ -23,6 +23,7 @@
 import os
 import pickle
 import re
+import struct
 import sys
 import tempfile
 import uuid
@@ -489,6 +490,33 @@ def test_basic_encode(self):
  b"\x00",
  )
 
+ def test_bad_code(self):
+ # Assert that decoding invalid Code with scope does not include a field name.
+ def generate_payload(length: int) -> bytes:
+ string_size = length - 0x1E
+
+ return bytes.fromhex(
+ struct.pack("<I", length).hex() # payload size
+ + "0f" # type "code with scope"
+ + "3100" # key (cstring)
+ + "0a000000" # c_w_s_size
+ + "04000000" # code_size
+ + "41004200" # code (cstring)
+ + "feffffff" # scope_size
+ + "02" # type "string"
+ + "3200" # key (cstring)
+ + struct.pack("<I", string_size).hex() # string size
+ + "00" * string_size # value (cstring)
+ # next bytes is a field name for type \x00
+ # type \x00 is invalid so bson throws an exception
+ )
+
+ for i in range(100):
+ payload = generate_payload(0x54F + i)
+ with self.assertRaisesRegex(InvalidBSON, "invalid") as ctx:
+ bson.decode(payload)
+ self.assertNotIn("fieldname", str(ctx.exception))
+
  def test_unknown_type(self):
  # Repr value differs with major python version
  part = "type {!r} for fieldname 'foo'".format(b"\x14")