fix(client): guard against int overflow in ClientWithAttachments marshal

CodeQL flagged go/allocation-size-overflow on len(rec)+len(extra) feeding
make's capacity. Not exploitable in practice (both come from json.Marshal
of bounded structs), but add an explicit MaxInt guard to silence the
analyzer and make the precondition obvious.
This commit is contained in:
MHSanaei 2026-05-19 12:40:18 +02:00
parent 66f946ee54
commit 788c979ad1
No known key found for this signature in database
GPG key ID: 7E4060F2FBE5AB7A


@ -6,6 +6,7 @@ import (
"encoding/json" "encoding/json"
"errors" "errors"
"fmt" "fmt"
"math"
"strings" "strings"
"sync" "sync"
"time" "time"
@ -47,6 +48,9 @@ func (c ClientWithAttachments) MarshalJSON() ([]byte, error) {
if len(rec) < 2 || rec[len(rec)-1] != '}' || len(extra) <= 2 { if len(rec) < 2 || rec[len(rec)-1] != '}' || len(extra) <= 2 {
return rec, nil return rec, nil
} }
if len(extra) > math.MaxInt-len(rec) {
return rec, nil
}
out := make([]byte, 0, len(rec)+len(extra)) out := make([]byte, 0, len(rec)+len(extra))
out = append(out, rec[:len(rec)-1]...) out = append(out, rec[:len(rec)-1]...)
if len(rec) > 2 { if len(rec) > 2 {
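Review bot: The new overflow guard returns `rec, nil`, which silently drops the attachment fields and is indistinguishable from the legitimate nothing-to-merge early return three lines above; an int overflow here is a broken precondition, not a normal outcome, so it should surface as an error rather than as truncated output. `errors` is already imported in the first hunk, so `return nil, errors.New("marshal client attachments: combined length overflows int")` would do. A one-line comment such as `// make's capacity is an int; refuse rather than wrap when rec+extra would overflow` would also make the guard's purpose clear to the next reader, since the branch is presumably unreachable with realistic json.Marshal output. MarshalJSON begins before and continues after this hunk.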