Commit c6e03a5
committed
Release retained mplex frame slice on invalid stream tag
MplexFrameCodec.decode() called data.retain() before validating the
stream tag via MplexFlag.getByValue(). For streamTag == 7 the lookup
throws IllegalArgumentException and the retained slice leaks the
underlying inbound buffer. A remote peer could repeatedly send such
frames to exhaust direct memory.1 parent 461a526 commit c6e03a5
2 files changed
Lines changed: 29 additions & 1 deletion
File tree
- libp2p/src
- main/kotlin/io/libp2p/mux/mplex
- test/kotlin/io/libp2p/mux/mplex
Lines changed: 6 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
73 | 73 | | |
74 | 74 | | |
75 | 75 | | |
76 | | - | |
| 76 | + | |
| 77 | + | |
| 78 | + | |
| 79 | + | |
| 80 | + | |
| 81 | + | |
77 | 82 | | |
78 | 83 | | |
79 | 84 | | |
| |||
Lines changed: 23 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
117 | 117 | | |
118 | 118 | | |
119 | 119 | | |
| 120 | + | |
| 121 | + | |
| 122 | + | |
| 123 | + | |
| 124 | + | |
| 125 | + | |
| 126 | + | |
| 127 | + | |
| 128 | + | |
| 129 | + | |
| 130 | + | |
| 131 | + | |
| 132 | + | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
120 | 143 | | |
121 | 144 | | |
122 | 145 | | |
| |||
0 commit comments