From 214d54b42e92f74553c0dc862aa22acd224f6830 Mon Sep 17 00:00:00 2001 From: Rui Abreu Ferreira Date: Wed, 5 Nov 2014 11:59:52 +0000 Subject: msgpack-rpc: Return from msgpack_rpc_validate on error - When validating a msgpack msg we need to return on the first error otherwise we can SEGFAULT with invalid checks --- src/nvim/msgpack_rpc/helpers.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/nvim/msgpack_rpc/helpers.c b/src/nvim/msgpack_rpc/helpers.c index 4414aadb15..22e296f9a6 100644 --- a/src/nvim/msgpack_rpc/helpers.c +++ b/src/nvim/msgpack_rpc/helpers.c @@ -377,14 +377,17 @@ void msgpack_rpc_validate(uint64_t *response_id, // Validate the basic structure of the msgpack-rpc payload if (req->type != MSGPACK_OBJECT_ARRAY) { api_set_error(err, Validation, _("Request is not an array")); + return; } if (req->via.array.size != 4) { api_set_error(err, Validation, _("Request array size should be 4")); + return; } if (req->via.array.ptr[1].type != MSGPACK_OBJECT_POSITIVE_INTEGER) { api_set_error(err, Validation, _("Id must be a positive integer")); + return; } // Set the response id, which is the same as the request @@ -392,18 +395,22 @@ void msgpack_rpc_validate(uint64_t *response_id, if (req->via.array.ptr[0].type != MSGPACK_OBJECT_POSITIVE_INTEGER) { api_set_error(err, Validation, _("Message type must be an integer")); + return; } if (req->via.array.ptr[0].via.u64 != 0) { api_set_error(err, Validation, _("Message type must be 0")); + return; } if (req->via.array.ptr[2].type != MSGPACK_OBJECT_BIN && req->via.array.ptr[2].type != MSGPACK_OBJECT_STR) { api_set_error(err, Validation, _("Method must be a string")); + return; } if (req->via.array.ptr[3].type != MSGPACK_OBJECT_ARRAY) { api_set_error(err, Validation, _("Paremeters must be an array")); + return; } } -- cgit From da3f097807bb7f4b71c4661ef0ccbca2e3ce5f53 Mon Sep 17 00:00:00 2001 From: Rui Abreu Ferreira Date: Wed, 5 Nov 2014 13:16:03 +0000 Subject: msgpack-rpc: Fix typo in validation message --- src/nvim/msgpack_rpc/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/nvim/msgpack_rpc/helpers.c b/src/nvim/msgpack_rpc/helpers.c index 22e296f9a6..a702d4f256 100644 --- a/src/nvim/msgpack_rpc/helpers.c +++ b/src/nvim/msgpack_rpc/helpers.c @@ -410,7 +410,7 @@ void msgpack_rpc_validate(uint64_t *response_id, } if (req->via.array.ptr[3].type != MSGPACK_OBJECT_ARRAY) { - api_set_error(err, Validation, _("Paremeters must be an array")); + api_set_error(err, Validation, _("Parameters must be an array")); return; } } -- cgit From 2729ad195b5dd6a12d57c782739726c4b74f780e Mon Sep 17 00:00:00 2001 From: Rui Abreu Ferreira Date: Wed, 5 Nov 2014 19:45:16 +0000 Subject: msgpack-rpc: Don't try to write into a closed channel --- src/nvim/msgpack_rpc/channel.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/nvim/msgpack_rpc/channel.c b/src/nvim/msgpack_rpc/channel.c index 5564bfa1be..3ab868998c 100644 --- a/src/nvim/msgpack_rpc/channel.c +++ b/src/nvim/msgpack_rpc/channel.c @@ -491,6 +491,10 @@ static bool channel_write(Channel *channel, WBuffer *buffer) { bool success; + if (channel->closed) { + return false; + } + if (channel->is_job) { success = job_write(channel->data.job, buffer); } else { -- cgit From 4e880f3f0058dce4a2a8d6fafeee2d89fad291d3 Mon Sep 17 00:00:00 2001 From: Rui Abreu Ferreira Date: Wed, 5 Nov 2014 19:49:03 +0000 Subject: msgpack-rpc: Close channel on invalid msgpack RPC - When an invalid msgpack RPC msg is received from a channel we now close that channel all calls on that channel fail with an error message. --- src/nvim/msgpack_rpc/channel.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/nvim/msgpack_rpc/channel.c b/src/nvim/msgpack_rpc/channel.c index 3ab868998c..aa6008558f 100644 --- a/src/nvim/msgpack_rpc/channel.c +++ b/src/nvim/msgpack_rpc/channel.c @@ -436,6 +436,11 @@ static void handle_request(Channel *channel, msgpack_object *request) &error, NIL, &out_buffer)); + char buf[256]; + snprintf(buf, sizeof(buf), + "Channel %" PRIu64 " sent an invalid message, closing.", + channel->id); + call_set_error(channel, buf); return; } -- cgit