From 4bf785d8962cf2a8237fc6c71da021adff937907 Mon Sep 17 00:00:00 2001
From: CyB3RC0nN0R
Date: Fri, 3 Jul 2020 23:37:25 +0200
Subject: [PATCH] Detect LV Encoding Errors in Receiver

When the length value encoding is violated, which can occur by sending an incorrect object length to the client, the error is logged and the receiver continues to run.
---
 src/main/java/envoy/client/net/Receiver.java | 31 +++++++++++++-------
 1 file changed, 20 insertions(+), 11 deletions(-)
diff --git a/src/main/java/envoy/client/net/Receiver.java b/src/main/java/envoy/client/net/Receiver.java
index c71e5ed..bfd231c 100644
--- a/src/main/java/envoy/client/net/Receiver.java
+++ b/src/main/java/envoy/client/net/Receiver.java
@@ -51,16 +51,25 @@ public class Receiver extends Thread {
 @Override
 public void run() {
- try {
- while (true) {
+ while (true) {
+ try {
 // Read object length
 final byte[] lenBytes = new byte[4];
 in.read(lenBytes);
 final int len = SerializationUtils.bytesToInt(lenBytes, 0);
+ logger.log(Level.FINEST, "Expecting object of length " + len + ".");
 // Read object into byte array
- final byte[] objBytes = new byte[len];
- in.read(objBytes);
+ final byte[] objBytes = new byte[len];
+ final int bytesRead = in.read(objBytes);
+ logger.log(Level.FINEST, "Read " + bytesRead + " bytes.");
+
+ // Catch LV encoding errors
+ if (len != bytesRead) {
+ logger.log(Level.WARNING,
+ String.format("LV encoding violated: expected %d bytes, received %d bytes. Discarding object...", len, bytesRead));
+ continue;
+ }
 try (ObjectInputStream oin = new ObjectInputStream(new ByteArrayInputStream(objBytes))) {
 final Object obj = oin.readObject();
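Review bot: `in.read(objBytes)` may return fewer than `len` bytes for a well-formed object, since a single read hands back only what has arrived so far, so the new `len != bytesRead` check can discard valid objects; after `continue` the unread remainder is parsed as the next length prefix and the stream stays out of sync. The length also comes from the peer and goes straight into `new byte[len]`: a negative value throws, and a very large one can exhaust the heap with an `OutOfMemoryError`, which the `catch (final Exception e)` in the second hunk does not cover. I would read both fields with `readNBytes` (Java 9+, assuming `in` is an `InputStream`), bound `len` by a constant such as `MAX_OBJECT_LENGTH` (new; the value is for the project to choose), and stop the receiver rather than continue once the framing cannot be trusted. Separately, the `ObjectInputStream` that follows deserializes network data without an `ObjectInputFilter`, which deserves its own change. The body of `run()` continues into the second hunk.

```java
// Read object length
final byte[] lenBytes = new byte[4];
if (in.readNBytes(lenBytes, 0, lenBytes.length) < lenBytes.length) return; // stream ended
final int len = SerializationUtils.bytesToInt(lenBytes, 0);
if (len < 0 || len > MAX_OBJECT_LENGTH) {
    logger.log(Level.WARNING, "Rejecting object length " + len + ", stopping receiver.");
    return;
}

// Read object into byte array; readNBytes blocks until len bytes arrived or the stream ended
final byte[] objBytes = new byte[len];
final int bytesRead = in.readNBytes(objBytes, 0, len);
if (len != bytesRead) {
    // … unchanged: LV encoding warning …
    return; // a short count now means end of stream, so there is nothing to resynchronise on
}
// … unchanged: deserialization and processor dispatch …
```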
@@ -69,16 +78,16 @@ public class Receiver extends Thread {
 // Get appropriate processor
 @SuppressWarnings("rawtypes")
 final Consumer processor = processors.get(obj.getClass());
- if (processor == null)
- logger.log(Level.WARNING, String.format(
- "The received object has the class %s for which no processor is defined.", obj.getClass()));
+ if (processor == null) logger.log(Level.WARNING,
+ String.format("The received object has the class %s for which no processor is defined.", obj.getClass()));
 else processor.accept(obj);
 }
+ } catch (final SocketException e) {
+ // Connection probably closed by client.
+ return;
+ } catch (final Exception e) {
+ logger.log(Level.SEVERE, "Error on receiver thread", e);
 }
- } catch (final SocketException e) {
- // Connection probably closed by client.
- } catch (final Exception e) {
- logger.log(Level.SEVERE, "Error on receiver thread", e);
 }
 }
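Review bot: With the `try` now inside `while (true)`, the `SocketException` branch is the only exit, so a connection that the peer closes cleanly can leave this thread spinning: `in.read(...)` then reports end of stream by returning -1 instead of throwing, and every pass ends either in the length-mismatch `continue` or in the `catch (final Exception e)` log at SEVERE. The return value of the length read in the first hunk should end the loop, for example `if (in.read(lenBytes) == -1) return;`. I would also add a comment on the catch-all saying which failures are expected to be recoverable per object, because an I/O failure on `in` itself will not clear on the next iteration and will flood the log. `run()` starts in the first hunk; only its tail is visible here.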