Fix BSON size validation PYTHON-370

Author: behackett

bson/__init__.py

@@ -311,9 +311,10 @@ def _elements_to_dict(data, as_class, tz_aware):
 
 def _bson_to_dict(data, as_class, tz_aware):
  obj_size = struct.unpack("<i", data[:4])[0]
- if len(data) < obj_size:
+ length = len(data)
+ if length < obj_size:
  raise InvalidBSON("objsize too large")
- if data[obj_size - 1:obj_size] != ZERO:
+ if obj_size != length or data[obj_size - 1:obj_size] != ZERO:
  raise InvalidBSON("bad eoo")
  elements = data[4:obj_size - 1]
  return (_elements_to_dict(elements, as_class, tz_aware), data[obj_size:])
@@ -572,4 +573,4 @@ def has_uuid():
 
  .. versionadded:: 2.2.1+
  """
- return _use_uuid
+ return _use_uuid

bson/_cbsonmodule.c

@@ -1628,7 +1628,7 @@ static PyObject* _cbson_bson_to_dict(PyObject* self, PyObject* args) {
  return NULL;
  }
 
- if (string[size - 1]) {
+ if (size != total_size || string[size - 1]) {
  PyObject* InvalidBSON = _error("InvalidBSON");
  PyErr_SetString(InvalidBSON,
  "bad eoo");

test/test_bson.py

@@ -74,6 +74,7 @@ def test_basic_validation(self):
  self.assertFalse(is_valid(b("\x05\x00\x00\x00\x00\x00")))
  self.assertFalse(is_valid(b("\x07\x00\x00\x00\x02a\x00\x78\x56\x34\x12")))
  self.assertFalse(is_valid(b("\x09\x00\x00\x00\x10a\x00\x05\x00")))
+ self.assertFalse(is_valid(b("\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")))
 
  def test_random_data_is_not_bson(self):
  qcheck.check_unittest(self, qcheck.isnt(is_valid),