fix(protocols): guard against zero/malformed length fields in binary protocol parsers

MongoDB had the same infinite-loop bug as MSSQL (msg_len=0 → buffer never shrinks in while loop). Postgres, MySQL, and MQTT had related length-field issues (stuck state, resource exhaustion, overlong remaining-length). Also fixes an existing MongoDB _op_reply struct.pack format bug (extra 'q' specifier caused struct.error on any OP_QUERY response). Adds 53 regression + protocol boundary tests across MSSQL, MongoDB, Postgres, MySQL, and MQTT, including a _run_with_timeout threading harness to catch infinite loops and @pytest.mark.fuzz hypothesis tests for each.
2026-04-12 01:01:13 -04:00
parent 65d585569b
commit d63e396410
10 changed files with 894 additions and 2 deletions
--- a/templates/mysql/server.py
+++ b/templates/mysql/server.py
@@ -67,6 +67,10 @@ class MySQLProtocol(asyncio.Protocol):
        # MySQL packets: 3-byte length + 1-byte seq + payload
        while len(self._buf) >= 4:
            length = struct.unpack("<I", self._buf[:3] + b"\x00")[0]
+            if length > 1024 * 1024:
+                self._transport.close()
+                self._buf = b""
+                return
            if len(self._buf) < 4 + length:
                break
            payload = self._buf[4:4 + length]