configuration: Detect raft_id overflow

Mathieu Borderé · Mathieu Borderé · commit 26f4af5ed83e · 2022-09-07T14:36:25.000+02:00
diff --git a/src/configuration.c b/src/configuration.c
@@ -234,7 +234,7 @@ size_t configurationEncodedSize(const struct raft_configuration *c)
     return bytePad64(n);
 }
 
-void configurationEncodeToBuf(const struct raft_configuration *c, void *buf)
+int configurationEncodeToBuf(const struct raft_configuration *c, void *buf)
 {
     void *cursor = buf;
     unsigned i;
@@ -247,12 +247,20 @@ void configurationEncodeToBuf(const struct raft_configuration *c, void *buf)
 
     for (i = 0; i < c->n; i++) {
         struct raft_server *server = &c->servers[i];
-        assert(server->address != NULL);
+        if (server->address == NULL) {
+            return RAFT_INVALID;
+        }
+
+        if (server->id > UINT64_MAX) {
+            return RAFT_BADID;
+        }
         bytePut64Unaligned(&cursor, server->id); /* might not be aligned */
         bytePutString(&cursor, server->address);
         assert(server->role < 255);
         bytePut8(&cursor, (uint8_t)server->role);
     };
+
+    return 0;
 }
 
 int configurationEncode(const struct raft_configuration *c,
@@ -270,9 +278,7 @@ int configurationEncode(const struct raft_configuration *c,
         return RAFT_NOMEM;
     }
 
-    configurationEncodeToBuf(c, buf->base);
-
-    return 0;
+    return configurationEncodeToBuf(c, buf->base);
 }
 
 int configurationDecode(const struct raft_buffer *buf,
diff --git a/src/configuration.h b/src/configuration.h
@@ -49,7 +49,7 @@ size_t configurationEncodedSize(const struct raft_configuration *c);
 
 /* Encode the given configuration object to the given pre-allocated buffer,
  * which is assumed to be at least configurationEncodedSize(c) bytes. */
-void configurationEncodeToBuf(const struct raft_configuration *c, void *buf);
+int configurationEncodeToBuf(const struct raft_configuration *c, void *buf);
 
 /* Encode the given configuration object. The memory of the returned buffer is
  * allocated using raft_malloc(), and client code is responsible for releasing
diff --git a/src/uv_encoding.c b/src/uv_encoding.c
@@ -143,9 +143,10 @@ static void encodeAppendEntriesResult(
     bytePut64(&cursor, p->last_log_index);
 }
 
-static void encodeInstallSnapshot(const struct raft_install_snapshot *p,
-                                  void *buf)
+static int encodeInstallSnapshot(const struct raft_install_snapshot *p,
+                                 void *buf)
 {
+    int rv = 0;
     void *cursor;
     size_t conf_size = configurationEncodedSize(&p->conf);
 
@@ -156,9 +157,13 @@ static void encodeInstallSnapshot(const struct raft_install_snapshot *p,
     bytePut64(&cursor, p->last_term);  /* Term of last index. */
     bytePut64(&cursor, p->conf_index); /* Configuration index. */
     bytePut64(&cursor, conf_size);     /* Configuration length. */
-    configurationEncodeToBuf(&p->conf, cursor);
+    rv = configurationEncodeToBuf(&p->conf, cursor);
+    if (rv != 0) {
+        return rv;
+    }
     cursor = (uint8_t *)cursor + conf_size;
     bytePut64(&cursor, p->data.len); /* Snapshot data size. */
+    return rv;
 }
 
 static void encodeTimeoutNow(const struct raft_timeout_now *p, void *buf)
