Check BlobHeader and Blob content size

Files with BlobHeaders or Blob contents over a certain size are
considered corrupt -> Stop parsing those files and return an error.

src/blob.rs

@@ -8,7 +8,7 @@ use byteorder::ReadBytesExt;
 use errors::*;
 use proto::fileformat;
 use std::fs::File;
-use std::io::{BufReader, ErrorKind, Read};
+use std::io::{BufReader, Read};
 use std::path::Path;
 use util::{parse_message_from_bytes, parse_message_from_reader};
 
@@ -19,6 +19,13 @@ use flate2::read::ZlibDecoder;
 use inflate::DeflateDecoder;
 
 
+/// Maximum allowed `BlobHeader` size in bytes.
+pub static MAX_BLOB_HEADER_SIZE: u64 = 64 * 1024;
+
+/// Maximum allowed uncompressed `Blob` content size in bytes.
+pub static MAX_BLOB_MESSAGE_SIZE: u64 = 32 * 1024 * 1024;
+
+
 /// The content type of a blob.
 #[derive(Debug, Eq, PartialEq)]
 pub enum BlobType<'a> {
@@ -166,22 +173,27 @@ impl<R: Read> Iterator for BlobReader<R> {
             return None;
         }
 
-        let size: u64 = match self.reader.read_u32::<byteorder::BigEndian>() {
+        let header_size: u64 = match self.reader.read_u32::<byteorder::BigEndian>() {
             Ok(n) => u64::from(n),
             Err(e) => {
                 match e.kind() {
-                    ErrorKind::UnexpectedEof => {
+                    ::std::io::ErrorKind::UnexpectedEof => {
                         return None
                     },
                     _ => {
                         self.last_blob_ok = false;
-                        return Some(Err(Error::with_chain(e, "Could not decode blob size")));
+                        return Some(Err(Error::with_chain(e, "Could not decode blob header size")));
                     },
                 }
             },
         };
 
-        let header: fileformat::BlobHeader = match parse_message_from_reader(&mut self.reader.by_ref().take(size)) {
+        if header_size >= MAX_BLOB_HEADER_SIZE {
+            self.last_blob_ok = false;
+            return Some(Err(ErrorKind::BlobHeaderTooBig(header_size).into()));
+        }
+
+        let header: fileformat::BlobHeader = match parse_message_from_reader(&mut self.reader.by_ref().take(header_size)) {
             Ok(header) => header,
             Err(e) => {
                 self.last_blob_ok = false;
@@ -205,9 +217,15 @@ impl<R: Read> Iterator for BlobReader<R> {
 pub(crate) fn decode_blob<T>(blob: &fileformat::Blob) -> Result<T>
     where T: protobuf::Message + protobuf::MessageStatic {
     if blob.has_raw() {
-        parse_message_from_bytes(blob.get_raw()).chain_err(|| "Could not parse raw data")
+        let size = blob.get_raw().len() as u64;
+        if size < MAX_BLOB_MESSAGE_SIZE {
+            parse_message_from_bytes(blob.get_raw()).chain_err(|| "Could not parse raw data")
+        } else {
+            Err(ErrorKind::BlobMessageTooBig(size).into())
+        }
     } else if blob.has_zlib_data() {
-        let mut decoder = ZlibDecoder::new(blob.get_zlib_data());
+        let mut decoder = ZlibDecoder::new(blob.get_zlib_data())
+            .take(MAX_BLOB_MESSAGE_SIZE);
         parse_message_from_reader(&mut decoder).chain_err(|| "Could not parse zlib data")
     } else {
         bail!("Blob is missing fields 'raw' and 'zlib_data")
@@ -218,9 +236,15 @@ pub(crate) fn decode_blob<T>(blob: &fileformat::Blob) -> Result<T>
 pub(crate) fn decode_blob<T>(blob: &fileformat::Blob) -> Result<T>
     where T: protobuf::Message + protobuf::MessageStatic {
     if blob.has_raw() {
-        parse_message_from_bytes(blob.get_raw()).chain_err(|| "Could not parse raw data")
+        let size = blob.get_raw().len() as u64;
+        if size < MAX_BLOB_MESSAGE_SIZE {
+            parse_message_from_bytes(blob.get_raw()).chain_err(|| "Could not parse raw data")
+        } else {
+            Err(ErrorKind::BlobMessageTooBig(size).into())
+        }
     } else if blob.has_zlib_data() {
-        let mut decoder = DeflateDecoder::from_zlib(blob.get_zlib_data());
+        let mut decoder = DeflateDecoder::from_zlib(blob.get_zlib_data())
+            .take(MAX_BLOB_MESSAGE_SIZE);
         parse_message_from_reader(&mut decoder).chain_err(|| "Could not parse zlib data")
     } else {
         bail!("Blob is missing fields 'raw' and 'zlib_data")

src/errors.rs

@@ -10,6 +10,16 @@ error_chain!{
             display("stringtable index out of bounds: {}", index)
         }
 
+        BlobHeaderTooBig(size: u64) {
+            description("blob header is too big")
+            display("blob header is too big: {} bytes", size)
+        }
+
+        BlobMessageTooBig(size: u64) {
+            description("blob message is too big")
+            display("blob message is too big: {} bytes", size)
+        }
+
         //TODO add UnexpectedPrimitiveBlock
     }
 }

src/mmap_blob.rs

@@ -153,7 +153,7 @@ impl<'a> Iterator for MmapBlobReader<'a> {
             1 ... 3 => {
                 self.last_blob_ok = false;
                 let io_error = ::std::io::Error::new(
-                    ::std::io::ErrorKind::UnexpectedEof, "failed to parse blob length"
+                    ::std::io::ErrorKind::UnexpectedEof, "failed to parse blob header length"
                 );
                 return Some(Err(Error::from_kind(ErrorKind::Io(io_error))));
             },
@@ -162,6 +162,11 @@ impl<'a> Iterator for MmapBlobReader<'a> {
 
         let header_size = byteorder::BigEndian::read_u32(slice) as usize;
 
+        if header_size as u64 >= ::blob::MAX_BLOB_HEADER_SIZE {
+            self.last_blob_ok = false;
+            return Some(Err(ErrorKind::BlobHeaderTooBig(header_size as u64).into()));
+        }
+
         if slice.len() < 4 + header_size {
             self.last_blob_ok = false;
             let io_error = ::std::io::Error::new(