tape: Respect limits when dynamically decoding

2025-08-28 12:31:49 -04:00 · 2025-08-28 12:31:49 -04:00 · e28ab4dc6b
commit e28ab4dc6b
parent 80161b37f7
1 changed files with 14 additions and 1 deletions
--- a/tape/dynamic.go
+++ b/tape/dynamic.go
@ -145,7 +145,11 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		n += nn; if err != nil { return n, err }
 	case SBA:
 		// SBA: <data: U8>*
-		buffer := make([]byte, tag.CN())
+		length := tag.CN()
+		if length > MaxStructureLength {
+			return 0, ErrTooLong
+		}
+		buffer := make([]byte, length)
 		nn, err := decoder.Read(buffer)
 		n += nn; if err != nil { return n, err }
 		setByteArray(destination, buffer)
@ -153,6 +157,9 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		// LBA: <length: UN> <data: U8>*
 		length, nn, err := decoder.ReadUintN(tag.CN() + 1)
 		n += nn; if err != nil { return n, err }
+		if length > uint64(MaxStructureLength) {
+			return 0, ErrTooLong
+		}
 		buffer := make([]byte, length)
 		nn, err = decoder.Read(buffer)
 		n += nn; if err != nil { return n, err }
@ -161,6 +168,9 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		// OTA: <length: UN> <elementTag: tape.Tag> <values>*
 		length, nn, err := decoder.ReadUintN(tag.CN() + 1)
 		n += nn; if err != nil { return n, err }
+		if length > uint64(MaxStructureLength) {
+			return 0, ErrTooLong
+		}
 		oneTag, nn, err := decoder.ReadTag()
 		n += nn; if err != nil { return n, err }
 		if destination.Cap() < int(length) {
@ -191,6 +201,9 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		// KTV: <length: UN> (<key: U16> <tag: Tag> <value>)*
 		length, nn, err := decoder.ReadUintN(tag.CN() + 1)
 		n += nn; if err != nil { return n, err }
+		if length > uint64(MaxStructureLength) {
+			return 0, ErrTooLong
+		}
 		destination.Clear()
 		for _ = range length {
 			key, nn, err := decoder.ReadUint16()