Skip to content

[fix] 修复 Protobuf 反序列化缺少异常处理导致的潜在崩溃风险#2

Merged
brainwith merged 1 commit intomainfrom
dev_neo_security_opt2
Mar 11, 2026
Merged

[fix] 修复 Protobuf 反序列化缺少异常处理导致的潜在崩溃风险#2
brainwith merged 1 commit intomainfrom
dev_neo_security_opt2

Conversation

@kitty22520
Copy link
Collaborator

@kitty22520 kitty22520 commented Mar 11, 2026

优化描述

  • 安全审计中发现 SDK 在反序列化 Protobuf 消息时未对 parseFrom / mergeFrom 进行异常捕获。当接收到畸形或被篡改的数据时,InvalidProtocolBufferException 会沿调用栈向上传播导致应用崩溃。该问题与 protobuf-javalite 3.22.0 的已知漏洞 CVE-2024-7254(恶意嵌套 group 标签触发栈溢出)叠加后风险进一步放大,远程攻击者可通过 DataChannel 或 WebSocket 信令通道实施拒绝服务攻击。

主要变更

  • RTCEngine.onMessage:为 DataPacket.parseFrom 和 EncryptedPacketPayload.parseFrom 添加 try-catch
  • SignalClient.onMessage:为 SignalResponse.mergeFrom 添加 try-catch
  • 三处均在捕获异常后丢弃畸形消息并记录 WARN 级别日志,不影响后续正常消息处理

技术细节

  • 精确捕获 com.google.protobuf.InvalidProtocolBufferException,避免使用宽泛的 Exception 吞掉非预期错误
  • 采用 Kotlin 的 try-expression 语法,将解析结果直接赋值给变量,解析失败时 return 跳出方法
  • 日志通过 LKLog.w(e) 附带异常对象,便于开发者排查,同时不会在默认配置(OFF)下产生输出

影响范围

  • 仅涉及 RTCEngine 和 SignalClient 中 Protobuf 消息接收路径的防御性处理,不改变正常消息的解析逻辑和业务流程
  • 修复后畸形消息将被静默丢弃而非导致崩溃,提升了 SDK 在对抗恶意输入场景下的鲁棒性

@brainwith

@kitty22520 kitty22520 requested a review from brainwith March 11, 2026 06:13
@brainwith brainwith merged commit 62a6249 into main Mar 11, 2026
2 of 3 checks passed
@brainwith brainwith deleted the dev_neo_security_opt2 branch March 11, 2026 08:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brainwith brainwith brainwith approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kitty22520 @brainwith