rafaelcaricio/actual
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix: enforce proper length constraints on timestamp counter and node id

Browse source
This commit is contained in:
Tom French 2022-05-09 11:32:18 +01:00 committed by James Long
parent c66c316b95
commit 966e49ad54
1 changed files with 14 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
packages/loot-core/src/server/timestamp.js
View file

@ -75,6 +75,9 @@ var config = {
maxDrift: 5 * 60 * 1000
};
const MAX_COUNTER = parseInt('0xFFFF');
const MAX_NODE_LENGTH = 16;
/**
* timestamp instance class
*/
@ -191,7 +194,7 @@ Timestamp.send = function() {
if (lNew - phys > config.maxDrift) {
throw new Timestamp.ClockDriftError(lNew, phys, config.maxDrift);
}
if (cNew > 65535) {
if (cNew > MAX_COUNTER) {
throw new Timestamp.OverflowError();
}
@ -253,7 +256,7 @@ Timestamp.recv = function(msg) {
if (lNew - phys > config.maxDrift) {
throw new Timestamp.ClockDriftError();
}
if (cNew > 65535) {
if (cNew > MAX_COUNTER) {
throw new Timestamp.OverflowError();
}
@ -279,8 +282,16 @@ Timestamp.parse = function(timestamp) {
var millis = Date.parse(parts.slice(0, 3).join('-')).valueOf();
var counter = parseInt(parts[3], 16);
var node = parts[4];
if (!isNaN(millis) && !isNaN(counter))
if (
!isNaN(millis) &&
millis >= 0 &&
!isNaN(counter) &&
counter <= MAX_COUNTER &&
typeof node === 'string' &&
node.length <= MAX_NODE_LENGTH
) {
return new Timestamp(millis, counter, node);
}
}
}
return null;