Limit SequenceNumberSet number of bits on deserialization (#2027)

* Refs 11065. Check major protocol version for equality. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs 11065. Asserts on SequenceNumber.h Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs 11065. Improving fixed_size_bitmap. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs 11065. Limiting size on CDRMessage::readSequenceNumberSet Signed-off-by: Miguel Company <MiguelCompany@eprosima.com> * Refs 11065. Removed unnecessary set of base. Signed-off-by: Miguel Company <MiguelCompany@eprosima.com>
eProsima · Jul 1, 2021 · 57ed258 · 57ed258
1 parent d77bae1
commit 57ed258
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 8 deletions.
diff --git a/include/fastdds/rtps/common/SequenceNumber.h b/include/fastdds/rtps/common/SequenceNumber.h
@@ -18,14 +18,16 @@
 
 #ifndef _FASTDDS_RPTS_ELEM_SEQNUM_H_
 #define _FASTDDS_RPTS_ELEM_SEQNUM_H_
-#include <fastrtps/fastrtps_dll.h>
-#include <fastrtps/utils/fixed_size_bitmap.hpp>
-#include <fastdds/rtps/common/Types.h>
 
 #include <algorithm>
 #include <cassert>
+#include <limits>
 #include <vector>
 
+#include <fastrtps/fastrtps_dll.h>
+#include <fastrtps/utils/fixed_size_bitmap.hpp>
+#include <fastdds/rtps/common/Types.h>
+
 namespace eprosima {
 namespace fastrtps {
 namespace rtps {
@@ -84,6 +86,7 @@ struct RTPS_DllAPI SequenceNumber_t
         ++low;
         if (low == 0)
         {
+            assert(std::numeric_limits<decltype(high)>::max() > high);
             ++high;
         }
 
@@ -112,6 +115,7 @@ struct RTPS_DllAPI SequenceNumber_t
         if (low < aux_low)
         {
             // Being the type of the parameter an 'int', the increment of 'high' will be as much as 1.
+            assert(std::numeric_limits<decltype(high)>::max() > high);
             ++high;
         }
 
@@ -240,6 +244,7 @@ inline SequenceNumber_t operator -(
     if (inc > seq.low)
     {
         // Being the type of the parameter an 'uint32_t', the decrement of 'high' will be as much as 1.
+        assert(0 < res.high);
         --res.high;
     }
 
@@ -261,6 +266,7 @@ inline SequenceNumber_t operator +(
     if (res.low < seq.low)
     {
         // Being the type of the parameter an 'uint32_t', the increment of 'high' will be as much as 1.
+        assert(std::numeric_limits<decltype(res.high)>::max() > res.high);
         ++res.high;
     }
 
@@ -282,6 +288,7 @@ inline SequenceNumber_t operator -(
 
     if (minuend.low < subtrahend.low)
     {
+        assert(0 < res.high);
         --res.high;
     }
 

diff --git a/include/fastdds/rtps/messages/CDRMessage.hpp b/include/fastdds/rtps/messages/CDRMessage.hpp
@@ -248,7 +248,6 @@ inline SequenceNumberSet_t CDRMessage::readSequenceNumberSet(
         CDRMessage_t* msg)
 {
     bool valid = true;
-    SequenceNumberSet_t sns(c_SequenceNumber_Unknown);
 
     SequenceNumber_t seqNum;
     valid &= CDRMessage::readSequenceNumber(msg, &seqNum);
@@ -265,11 +264,12 @@ inline SequenceNumberSet_t CDRMessage::readSequenceNumberSet(
 
     if (valid)
     {
-        sns.base(seqNum);
+        SequenceNumberSet_t sns(seqNum, numBits);
         sns.bitmap_set(numBits, bitmap);
+        return sns;
     }
 
-    return sns;
+    return SequenceNumberSet_t (c_SequenceNumber_Unknown);
 }
 
 inline bool CDRMessage::readFragmentNumberSet(

diff --git a/include/fastrtps/utils/fixed_size_bitmap.hpp b/include/fastrtps/utils/fixed_size_bitmap.hpp
@@ -101,8 +101,22 @@ class BitmapRange
      */
     explicit BitmapRange(
             T base) noexcept
+        : BitmapRange(base, NBITS - 1)
+    {
+    }
+
+    /**
+     * Range specific constructor.
+     * Constructs an empty range with specified base and maximum bits.
+     *
+     * @param base      Specific base value for the created range.
+     * @param max_bits  Specific maximum number of bits.
+     */
+    BitmapRange(
+            T base,
+            uint32_t max_bits) noexcept
         : base_(base)
-        , range_max_(base + (NBITS - 1))
+        , range_max_(base_ + (std::min)(max_bits, NBITS - 1))
         , bitmap_()
         , num_bits_(0u)
     {
@@ -134,6 +148,23 @@ class BitmapRange
         bitmap_.fill(0u);
     }
 
+    /**
+     * Set a new base and maximum bits for the range.
+     * This method resets the range and sets a new value for its base, as long as a maximum number of bits.
+     *
+     * @param base      New base value to set.
+     * @param max_bits  New maximum number of bits.
+     */
+    void base(
+            T base,
+            uint32_t max_bits) noexcept
+    {
+        base_ = base;
+        range_max_ = base_ + (std::min)(max_bits, NBITS - 1);
+        num_bits_ = 0;
+        bitmap_.fill(0u);
+    }
+
     /**
      * Set a new base for the range, keeping old values where possible.
      * This method implements a sliding window mechanism for changing the base of the range.

diff --git a/src/cpp/rtps/messages/MessageReceiver.cpp b/src/cpp/rtps/messages/MessageReceiver.cpp
@@ -537,7 +537,7 @@ bool MessageReceiver::checkRTPSHeader(
     msg->pos += 4;
 
     //CHECK AND SET protocol version
-    if (msg->buffer[msg->pos] <= c_ProtocolVersion.m_major)
+    if (msg->buffer[msg->pos] == c_ProtocolVersion.m_major)
     {
         source_version_.m_major = msg->buffer[msg->pos];
         msg->pos++;