From 3e4a3a8d8cd7ab195020f6124890094f0e5b18c3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Mart=C3=ADn?= <carlos.martin.sanchez@gmail.com>
Date: Fri, 23 Nov 2018 12:28:15 +0000
Subject: [PATCH] Fix panic for malformed UAST unmarshal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Carlos Martín <carlos.martin.sanchez@gmail.com>
---
 server/service/uast.go      |  4 ++++
 server/service/uast_test.go | 31 +++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 server/service/uast_test.go

diff --git a/server/service/uast.go b/server/service/uast.go
index bcab6ca..ef03693 100644
--- a/server/service/uast.go
+++ b/server/service/uast.go
@@ -69,6 +69,10 @@ func UnmarshalUAST(data []byte) ([]*Node, error) {
 			return nil, ErrUnmarshalUAST.New(err)
 		}
 
+		if nodeLen < 1 {
+			return nil, ErrUnmarshalUAST.New(fmt.Errorf("malformed data"))
+		}
+
 		node := uast.NewNode()
 		nodeBytes := buf.Next(int(nodeLen))
 		if int32(len(nodeBytes)) != nodeLen {
diff --git a/server/service/uast_test.go b/server/service/uast_test.go
new file mode 100644
index 0000000..4d5445b
--- /dev/null
+++ b/server/service/uast_test.go
@@ -0,0 +1,31 @@
+package service_test
+
+import (
+	"bytes"
+	"encoding/binary"
+	"testing"
+
+	"github.com/src-d/gitbase-web/server/service"
+	"github.com/stretchr/testify/suite"
+)
+
+type UastSuite struct {
+	suite.Suite
+}
+
+func TestUastSuite(t *testing.T) {
+	s := new(UastSuite)
+	suite.Run(t, s)
+}
+
+func (suite *UastSuite) TestNegativeNodeLen() {
+	var nodeLen int32 = -20
+
+	buf := new(bytes.Buffer)
+	err := binary.Write(buf, binary.BigEndian, nodeLen)
+	suite.Require().NoError(err)
+
+	nodes, err := service.UnmarshalUAST(buf.Bytes())
+	suite.Require().Error(err)
+	suite.Require().Nil(nodes)
+}