comments

kolide · Apr 12, 2024 · c7048f9 · c7048f9
1 parent acaa1c9
commit c7048f9
Show file tree

Hide file tree

Showing 6 changed files with 8 additions and 0 deletions.
diff --git a/boxer.go b/boxer.go
@@ -170,6 +170,7 @@ func (boxer boxMaker) DecodeUnverified(b64 string) (*Box, error) {
 		return nil, fmt.Errorf("decoding base64: %w", err)
 	}
 
+	// Limit size to prevent garbage from filling memory
 	if len(data) > V0MaxSize {
 		return nil, fmt.Errorf("data too big, is %d, max is %d", len(data), V0MaxSize)
 	}
@@ -201,6 +202,7 @@ func (boxer boxMaker) DecodePngUnverified(r io.Reader) (*Box, error) {
 		return nil, fmt.Errorf("decoding png: %w", err)
 	}
 
+	// Limit size to prevent garbage from filling memory
 	if data.Len() > V0MaxSize {
 		return nil, errors.New("looks to be larger than max box size")
 	}
@@ -209,6 +211,7 @@ func (boxer boxMaker) DecodePngUnverified(r io.Reader) (*Box, error) {
 }
 
 func (boxer boxMaker) DecodeRaw(data []byte) (*Box, error) {
+	// Limit size to prevent garbage from filling memory
 	if len(data) > V0MaxSize {
 		return nil, fmt.Errorf("data too big, is %d, max is %d", len(data), V0MaxSize)
 	}

diff --git a/lib/krypto/boxer.rb b/lib/krypto/boxer.rb
@@ -82,6 +82,7 @@ def decode_unverified(data)
     end
 
     def decode(data, verify: true, raw: false, png: false)
+      # Limit size to prevent garbage from filling memory
       if data.size > MAX_CHALLENGE_SIZE
         raise "box too large"
       end

diff --git a/lib/krypto/challenge.rb b/lib/krypto/challenge.rb
@@ -32,6 +32,7 @@ def self.generate(signing_key, challenge_id, challenge_data, request_data, times
     end
 
     def self.unmarshal(data, png: false, base64: true)
+      # Limit size to prevent garbage from filling memory
       if data.size > MAX_CHALLENGE_SIZE
         raise "challenge too large"
       end

diff --git a/pkg/challenge/challenge.go b/pkg/challenge/challenge.go
@@ -144,6 +144,7 @@ func (o *OuterChallenge) RespondPng(signer crypto.Signer, signer2 crypto.Signer,
 }
 
 func UnmarshalChallenge(outerChallengeBytes []byte) (*OuterChallenge, error) {
+	// Limit size to prevent garbage from filling memory
 	if len(outerChallengeBytes) > krypto.V0MaxSize {
 		return nil, fmt.Errorf("challenge exceeds max size: %d, max is %d", len(outerChallengeBytes), krypto.V0MaxSize)
 	}

diff --git a/pkg/challenge/response.go b/pkg/challenge/response.go
@@ -84,6 +84,7 @@ type InnerResponse struct {
 }
 
 func UnmarshalResponse(outerResponseBytes []byte) (*OuterResponse, error) {
+	// Limit size to prevent garbage from filling memory
 	if len(outerResponseBytes) > krypto.V0MaxSize {
 		return nil, fmt.Errorf("response to large: is %d, max is %d", len(outerResponseBytes), krypto.V0MaxSize)
 	}

diff --git a/png.go b/png.go
@@ -62,6 +62,7 @@ func ToPngNoMaxSize(w io.Writer, data []byte) error {
 func ToPng(w io.Writer, data []byte) error {
 	dataSize := len(data)
 
+	// Limit size to prevent garbage from filling memory
 	if dataSize > V0MaxSize {
 		return fmt.Errorf("data too big: %d is bigger than %d", dataSize, V0MaxSize)
 	}