Handle parser errors by emitting error and closing connection

clue · clue · commit 3bf10acaa60e · 2022-08-31T12:12:36.000+02:00
diff --git a/src/Io/Buffer.php b/src/Io/Buffer.php
@@ -37,7 +37,7 @@ public function prepend($str)
      *
      * @param int $len length in bytes, must be positive or zero
      * @return string
-     * @throws \LogicException
+     * @throws \UnderflowException
      */
     public function read($len)
     {
@@ -53,7 +53,7 @@ public function read($len)
 
         // ensure buffer size contains $len bytes by checking target buffer position
         if ($len < 0 || !isset($this->buffer[$this->bufferPos + $len - 1])) {
-            throw new \LogicException('Not enough data in buffer to read ' . $len . ' bytes');
+            throw new \UnderflowException('Not enough data in buffer to read ' . $len . ' bytes');
         }
         $buffer = \substr($this->buffer, $this->bufferPos, $len);
         $this->bufferPos += $len;
@@ -106,12 +106,12 @@ public function readBuffer($len)
      *
      * @param int $len length in bytes, must be positve and non-zero
      * @return void
-     * @throws \LogicException
+     * @throws \UnderflowException
      */
     public function skip($len)
     {
         if ($len < 1 || !isset($this->buffer[$this->bufferPos + $len - 1])) {
-            throw new \LogicException('Not enough data in buffer');
+            throw new \UnderflowException('Not enough data in buffer');
         }
         $this->bufferPos += $len;
     }
@@ -220,13 +220,13 @@ public function readStringLen()
      * Reads string until NULL character
      *
      * @return string
-     * @throws \LogicException
+     * @throws \UnderflowException
      */
     public function readStringNull()
     {
         $pos = \strpos($this->buffer, "\0", $this->bufferPos);
         if ($pos === false) {
-            throw new \LogicException('Missing NULL character');
+            throw new \UnderflowException('Missing NULL character');
         }
 
         $ret = $this->read($pos - $this->bufferPos);
diff --git a/src/Io/Parser.php b/src/Io/Parser.php
@@ -5,7 +5,7 @@
 use React\MySQL\Commands\AuthenticateCommand;
 use React\MySQL\Commands\QueryCommand;
 use React\MySQL\Commands\QuitCommand;
-use React\MySQL\Exception;
+use React\MySQL\Exception as MysqlException;
 use React\Stream\DuplexStreamInterface;
 
 /**
@@ -25,6 +25,13 @@ class Parser
     const STATE_STANDBY = 0;
     const STATE_BODY    = 1;
 
+    /**
+     * The packet header always consists of 4 bytes, 3 bytes packet length + 1 byte sequence number
+     *
+     * @var integer
+     */
+    const PACKET_SIZE_HEADER = 4;
+
     /**
      * Keeps a reference to the command that is currently being processed.
      *
@@ -63,7 +70,20 @@ class Parser
     protected $serverStatus;
 
     protected $rsState = 0;
-    protected $pctSize = 0;
+
+    /**
+     * Packet size expected in number of bytes
+     *
+     * Depending on `self::$state`, the Parser excepts either a packet header
+     * (always 4 bytes) or the packet contents (n bytes determined by prior
+     * packet header).
+     *
+     * @var int
+     * @see self::$state
+     * @see self::PACKET_SIZE_HEADER
+     */
+    private $pctSize = self::PACKET_SIZE_HEADER;
+
     protected $resultFields = [];
 
     protected $insertId;
@@ -97,7 +117,7 @@ public function __construct(DuplexStreamInterface $stream, Executor $executor)
 
     public function start()
     {
-        $this->stream->on('data', [$this, 'parse']);
+        $this->stream->on('data', [$this, 'handleData']);
         $this->stream->on('close', [$this, 'onClose']);
     }
 
@@ -110,31 +130,53 @@ public function debug($message)
         }
     }
 
-    public function parse($data)
+    /** @var string $data */
+    public function handleData($data)
     {
         $this->buffer->append($data);
-packet:
-        if ($this->state === self::STATE_STANDBY) {
-            if ($this->buffer->length() < 4) {
+
+        if ($this->debug) {
+            $this->debug('Received ' . strlen($data) . ' byte(s), buffer now has ' . ($len = $this->buffer->length()) . ' byte(s): ' . wordwrap(bin2hex($b = $this->buffer->read($len)), 2, ' ', true)); $this->buffer->append($b); // @codeCoverageIgnore
+        }
+
+        while ($this->buffer->length() >= $this->pctSize) {
+            if ($this->state === self::STATE_STANDBY) {
+                $this->pctSize = $this->buffer->readInt3();
+                //printf("packet size:%d\n", $this->pctSize);
+                $this->state = self::STATE_BODY;
+                $this->seq = $this->buffer->readInt1() + 1;
+            }
+
+            $len = $this->buffer->length();
+            if ($len < $this->pctSize) {
+                $this->debug('Waiting for complete packet with ' . $len . '/' . $this->pctSize . ' bytes');
+
                 return;
             }
 
-            $this->pctSize = $this->buffer->readInt3();
-            //printf("packet size:%d\n", $this->pctSize);
-            $this->state = self::STATE_BODY;
-            $this->seq = $this->buffer->readInt1() + 1;
-        }
+            $packet = $this->buffer->readBuffer($this->pctSize);
+            $this->state = self::STATE_STANDBY;
+            $this->pctSize = self::PACKET_SIZE_HEADER;
 
-        $len = $this->buffer->length();
-        if ($len < $this->pctSize) {
-            $this->debug('Waiting for complete packet with ' . $len . '/' . $this->pctSize . ' bytes');
+            try {
+                $this->parsePacket($packet);
+            } catch (\UnderflowException $e) {
+                $this->onError(new \UnexpectedValueException('Unexpected protocol error, received malformed packet: ' . $e->getMessage(), 0, $e));
+                $this->stream->close();
+                return;
+            }
 
-            return;
+            if ($packet->length() !== 0) {
+                $this->onError(new \UnexpectedValueException('Unexpected protocol error, received malformed packet with ' . $packet->length() . ' unknown byte(s)'));
+                $this->stream->close();
+                return;
+            }
         }
+    }
 
-        $packet = $this->buffer->readBuffer($this->pctSize);
-        $this->state = self::STATE_STANDBY;
-
+    /** @return void */
+    private function parsePacket(Buffer $packet)
+    {
         if ($this->debug) {
             $this->debug('Parse packet#' . $this->seq . ' with ' . ($len = $packet->length()) . ' bytes: ' . wordwrap(bin2hex($b = $packet->read($len)), 2, ' ', true)); $packet->append($b); // @codeCoverageIgnore
         }
@@ -146,7 +188,7 @@ public function parse($data)
                 $this->phase   = self::PHASE_AUTH_ERR;
 
                 $code = $packet->readInt2();
-                $exception = new Exception($packet->read($packet->length()), $code);
+                $exception = new MysqlException($packet->read($packet->length()), $code);
                 $this->debug(sprintf("Error Packet:%d %s\n", $code, $exception->getMessage()));
 
                 // error during init phase also means we're not currently executing any command
@@ -186,7 +228,7 @@ public function parse($data)
                 // error packet
                 $code = $packet->readInt2();
                 $packet->skip(6); // skip SQL state
-                $exception = new Exception($packet->read($packet->length()), $code);
+                $exception = new MysqlException($packet->read($packet->length()), $code);
                 $this->debug(sprintf("Error Packet:%d %s\n", $code, $exception->getMessage()));
 
                 $this->onError($exception);
@@ -266,10 +308,6 @@ public function parse($data)
                 }
             }
         }
-
-        // finished parsing packet, continue with next packet
-        assert($packet->length() === 0);
-        goto packet;
     }
 
     private function onResultRow($row)
@@ -279,7 +317,7 @@ private function onResultRow($row)
         $command->emit('result', [$row]);
     }
 
-    private function onError(Exception $error)
+    private function onError(\Exception $error)
     {
         $this->rsState      = self::RS_STATE_HEADER;
         $this->resultFields = [];
diff --git a/tests/Io/BufferTest.php b/tests/Io/BufferTest.php
@@ -22,7 +22,7 @@ public function testReadBeyondLimitThrows()
 
         $buffer->append('hi');
 
-        $this->setExpectedException('LogicException');
+        $this->setExpectedException('UnderflowException');
         $buffer->read(3);
     }
 
@@ -71,7 +71,7 @@ public function testSkipZeroThrows()
 
         $buffer->append('hi');
 
-        $this->setExpectedException('LogicException');
+        $this->setExpectedException('UnderflowException');
         $buffer->skip(0);
     }
 
@@ -81,7 +81,7 @@ public function testSkipBeyondLimitThrows()
 
         $buffer->append('hi');
 
-        $this->setExpectedException('LogicException');
+        $this->setExpectedException('UnderflowException');
         $buffer->skip(3);
     }
 
@@ -214,7 +214,7 @@ public function testParseStringNullCharacterThrowsIfNullNotFound()
         $buffer = new Buffer();
         $buffer->append("hello");
 
-        $this->setExpectedException('LogicException');
+        $this->setExpectedException('UnderflowException');
         $buffer->readStringNull();
     }
 }
diff --git a/tests/Io/ParserTest.php b/tests/Io/ParserTest.php
@@ -149,6 +149,72 @@ public function testReceivingErrorFrameForQueryAfterResultSetHeadersShouldEmitEr
         $this->assertEquals([], $ref->getValue($parser));
     }
 
+    public function testReceivingInvalidPacketWithMissingDataShouldEmitErrorAndCloseConnection()
+    {
+        $stream = new ThroughStream();
+
+        $command = new QueryCommand();
+        $command->on('error', $this->expectCallableOnce());
+
+        $error = null;
+        $command->on('error', function ($e) use (&$error) {
+            $error = $e;
+        });
+
+        $executor = new Executor();
+        $executor->enqueue($command);
+
+        $parser = new Parser(new CompositeStream($stream, new ThroughStream()), $executor);
+        $parser->start();
+
+        // hack to inject command as current command
+        $ref = new \ReflectionProperty($parser, 'currCommand');
+        $ref->setAccessible(true);
+        $ref->setValue($parser, $command);
+
+        $stream->on('close', $this->expectCallableOnce());
+
+        $stream->write("\x32\0\0\0" . "\x0a" . "mysql\0" . str_repeat("\0", 43));
+
+        $this->assertTrue($error instanceof \UnexpectedValueException);
+        $this->assertEquals('Unexpected protocol error, received malformed packet: Not enough data in buffer', $error->getMessage());
+        $this->assertEquals(0, $error->getCode());
+        $this->assertInstanceOf('UnderflowException', $error->getPrevious());
+    }
+
+    public function testReceivingInvalidPacketWithExcessiveDataShouldEmitErrorAndCloseConnection()
+    {
+        $stream = new ThroughStream();
+
+        $command = new QueryCommand();
+        $command->on('error', $this->expectCallableOnce());
+
+        $error = null;
+        $command->on('error', function ($e) use (&$error) {
+            $error = $e;
+        });
+
+        $executor = new Executor();
+        $executor->enqueue($command);
+
+        $parser = new Parser(new CompositeStream($stream, new ThroughStream()), $executor);
+        $parser->start();
+
+        // hack to inject command as current command
+        $ref = new \ReflectionProperty($parser, 'currCommand');
+        $ref->setAccessible(true);
+        $ref->setValue($parser, $command);
+
+        $stream->on('close', $this->expectCallableOnce());
+
+        $stream->write("\x34\0\0\0" . "\x0a" . "mysql\0" . str_repeat("\0", 45));
+
+        $this->assertTrue($error instanceof \UnexpectedValueException);
+        $this->assertEquals('Unexpected protocol error, received malformed packet with 1 unknown byte(s)', $error->getMessage());
+        $this->assertEquals(0, $error->getCode());
+        $this->assertNull($error->getPrevious());
+    }
+
     public function testReceivingIncompleteErrorFrameDuringHandshakeShouldNotEmitError()
     {
         $stream = new ThroughStream();

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public function prepend($str)`
`37`	`37`	`*`
`38`	`38`	`* @param int $len length in bytes, must be positive or zero`
`39`	`39`	`* @return string`
`40`		`- * @throws \LogicException`
	`40`	`+ * @throws \UnderflowException`
`41`	`41`	`*/`
`42`	`42`	`public function read($len)`
`43`	`43`	`{`
`@@ -53,7 +53,7 @@ public function read($len)`
`53`	`53`
`54`	`54`	`// ensure buffer size contains $len bytes by checking target buffer position`
`55`	`55`	`if ($len < 0 \|\| !isset($this->buffer[$this->bufferPos + $len - 1])) {`
`56`		`- throw new \LogicException('Not enough data in buffer to read ' . $len . ' bytes');`
	`56`	`+ throw new \UnderflowException('Not enough data in buffer to read ' . $len . ' bytes');`
`57`	`57`	`}`
`58`	`58`	`$buffer = \substr($this->buffer, $this->bufferPos, $len);`
`59`	`59`	`$this->bufferPos += $len;`
`@@ -106,12 +106,12 @@ public function readBuffer($len)`
`106`	`106`	`*`
`107`	`107`	`* @param int $len length in bytes, must be positve and non-zero`
`108`	`108`	`* @return void`
`109`		`- * @throws \LogicException`
	`109`	`+ * @throws \UnderflowException`
`110`	`110`	`*/`
`111`	`111`	`public function skip($len)`
`112`	`112`	`{`
`113`	`113`	`if ($len < 1 \|\| !isset($this->buffer[$this->bufferPos + $len - 1])) {`
`114`		`- throw new \LogicException('Not enough data in buffer');`
	`114`	`+ throw new \UnderflowException('Not enough data in buffer');`
`115`	`115`	`}`
`116`	`116`	`$this->bufferPos += $len;`
`117`	`117`	`}`
`@@ -220,13 +220,13 @@ public function readStringLen()`
`220`	`220`	`* Reads string until NULL character`
`221`	`221`	`*`
`222`	`222`	`* @return string`
`223`		`- * @throws \LogicException`
	`223`	`+ * @throws \UnderflowException`
`224`	`224`	`*/`
`225`	`225`	`public function readStringNull()`
`226`	`226`	`{`
`227`	`227`	`$pos = \strpos($this->buffer, "\0", $this->bufferPos);`
`228`	`228`	`if ($pos === false) {`
`229`		`- throw new \LogicException('Missing NULL character');`
	`229`	`+ throw new \UnderflowException('Missing NULL character');`
`230`	`230`	`}`
`231`	`231`
`232`	`232`	`$ret = $this->read($pos - $this->bufferPos);`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ public function testReadBeyondLimitThrows()`
`22`	`22`
`23`	`23`	`$buffer->append('hi');`
`24`	`24`
`25`		`- $this->setExpectedException('LogicException');`
	`25`	`+ $this->setExpectedException('UnderflowException');`
`26`	`26`	`$buffer->read(3);`
`27`	`27`	`}`
`28`	`28`
`@@ -71,7 +71,7 @@ public function testSkipZeroThrows()`
`71`	`71`
`72`	`72`	`$buffer->append('hi');`
`73`	`73`
`74`		`- $this->setExpectedException('LogicException');`
	`74`	`+ $this->setExpectedException('UnderflowException');`
`75`	`75`	`$buffer->skip(0);`
`76`	`76`	`}`
`77`	`77`
`@@ -81,7 +81,7 @@ public function testSkipBeyondLimitThrows()`
`81`	`81`
`82`	`82`	`$buffer->append('hi');`
`83`	`83`
`84`		`- $this->setExpectedException('LogicException');`
	`84`	`+ $this->setExpectedException('UnderflowException');`
`85`	`85`	`$buffer->skip(3);`
`86`	`86`	`}`
`87`	`87`
`@@ -214,7 +214,7 @@ public function testParseStringNullCharacterThrowsIfNullNotFound()`
`214`	`214`	`$buffer = new Buffer();`
`215`	`215`	`$buffer->append("hello");`
`216`	`216`
`217`		`- $this->setExpectedException('LogicException');`
	`217`	`+ $this->setExpectedException('UnderflowException');`
`218`	`218`	`$buffer->readStringNull();`
`219`	`219`	`}`
`220`	`220`	`}`