From 627cc48f5a58e308c7994be2502f771c9f435ff1 Mon Sep 17 00:00:00 2001 From: Jon Skeet Date: Tue, 13 Nov 2018 18:21:30 +0000 Subject: [PATCH] Increase C# default recursion limit to 100 (#5339) * Increase C# default recursion limit to 100 This matches the Java and C++ defaults. * Change compatibility tests to use execution-time default recursion limit This way the same tests should pass against all versions, even if the recursion limit changes. (The tests will be testing whether different messages work, admittedly - but that's probably fine.) --- .../src/Google.Protobuf.Test/CodedInputStreamTest.cs | 10 +++++----- .../src/Google.Protobuf.Test/CodedInputStreamTest.cs | 10 +++++----- csharp/src/Google.Protobuf/CodedInputStream.cs | 4 ++-- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedInputStreamTest.cs b/csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedInputStreamTest.cs index ff44895c06..73a578d2b5 100644 --- a/csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedInputStreamTest.cs +++ b/csharp/compatibility_tests/v3.0.0/src/Google.Protobuf.Test/CodedInputStreamTest.cs @@ -313,14 +313,14 @@ namespace Google.Protobuf [Test] public void MaliciousRecursion() { - ByteString data64 = MakeRecursiveMessage(64).ToByteString(); - ByteString data65 = MakeRecursiveMessage(65).ToByteString(); + ByteString atRecursiveLimit = MakeRecursiveMessage(CodedInputStream.DefaultRecursionLimit).ToByteString(); + ByteString beyondRecursiveLimit = MakeRecursiveMessage(CodedInputStream.DefaultRecursionLimit + 1).ToByteString(); - AssertMessageDepth(TestRecursiveMessage.Parser.ParseFrom(data64), 64); + AssertMessageDepth(TestRecursiveMessage.Parser.ParseFrom(atRecursiveLimit), CodedInputStream.DefaultRecursionLimit); - Assert.Throws(() => TestRecursiveMessage.Parser.ParseFrom(data65)); + Assert.Throws(() => TestRecursiveMessage.Parser.ParseFrom(beyondRecursiveLimit)); - CodedInputStream input = CodedInputStream.CreateWithLimits(new MemoryStream(data64.ToByteArray()), 1000000, 63); + CodedInputStream input = CodedInputStream.CreateWithLimits(new MemoryStream(atRecursiveLimit.ToByteArray()), 1000000, CodedInputStream.DefaultRecursionLimit - 1); Assert.Throws(() => TestRecursiveMessage.Parser.ParseFrom(input)); } diff --git a/csharp/src/Google.Protobuf.Test/CodedInputStreamTest.cs b/csharp/src/Google.Protobuf.Test/CodedInputStreamTest.cs index 8795fa65f4..58d7a9d655 100644 --- a/csharp/src/Google.Protobuf.Test/CodedInputStreamTest.cs +++ b/csharp/src/Google.Protobuf.Test/CodedInputStreamTest.cs @@ -327,14 +327,14 @@ namespace Google.Protobuf [Test] public void MaliciousRecursion() { - ByteString data64 = MakeRecursiveMessage(64).ToByteString(); - ByteString data65 = MakeRecursiveMessage(65).ToByteString(); + ByteString atRecursiveLimit = MakeRecursiveMessage(CodedInputStream.DefaultRecursionLimit).ToByteString(); + ByteString beyondRecursiveLimit = MakeRecursiveMessage(CodedInputStream.DefaultRecursionLimit + 1).ToByteString(); - AssertMessageDepth(TestRecursiveMessage.Parser.ParseFrom(data64), 64); + AssertMessageDepth(TestRecursiveMessage.Parser.ParseFrom(atRecursiveLimit), CodedInputStream.DefaultRecursionLimit); - Assert.Throws(() => TestRecursiveMessage.Parser.ParseFrom(data65)); + Assert.Throws(() => TestRecursiveMessage.Parser.ParseFrom(beyondRecursiveLimit)); - CodedInputStream input = CodedInputStream.CreateWithLimits(new MemoryStream(data64.ToByteArray()), 1000000, 63); + CodedInputStream input = CodedInputStream.CreateWithLimits(new MemoryStream(atRecursiveLimit.ToByteArray()), 1000000, CodedInputStream.DefaultRecursionLimit - 1); Assert.Throws(() => TestRecursiveMessage.Parser.ParseFrom(input)); } diff --git a/csharp/src/Google.Protobuf/CodedInputStream.cs b/csharp/src/Google.Protobuf/CodedInputStream.cs index 0428fb54e6..e1de7a0521 100644 --- a/csharp/src/Google.Protobuf/CodedInputStream.cs +++ b/csharp/src/Google.Protobuf/CodedInputStream.cs @@ -93,7 +93,7 @@ namespace Google.Protobuf private uint nextTag = 0; private bool hasNextTag = false; - internal const int DefaultRecursionLimit = 64; + internal const int DefaultRecursionLimit = 100; internal const int DefaultSizeLimit = Int32.MaxValue; internal const int BufferSize = 4096; @@ -260,7 +260,7 @@ namespace Google.Protobuf /// to avoid maliciously-recursive data. /// /// - /// The default limit is 64. + /// The default limit is 100. /// /// /// The recursion limit for this stream.