Merge branch 'master' into test/add-blockbuster

bdraco · web-flow · commit 107166419efd · 2026-05-20T14:30:21.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,27 @@
 
 <!-- version list -->
 
+## v0.149.13 (2026-05-20)
+
+### Bug Fixes
+
+- Bound record payload reads against rdlength overrun
+  ([#1756](https://github.com/python-zeroconf/python-zeroconf/pull/1756),
+  [`5444495`](https://github.com/python-zeroconf/python-zeroconf/commit/544449596e645fcaad3834fa0cb614a54f847a82))
+
+### Documentation
+
+- Clarify LGPL-2.1-or-later license in README
+  ([#1763](https://github.com/python-zeroconf/python-zeroconf/pull/1763),
+  [`28bb01f`](https://github.com/python-zeroconf/python-zeroconf/commit/28bb01f23951f7883d8c3af66b6d537c34c516c7))
+
+### Refactoring
+
+- Extract loopback Zeroconf fixtures and mock_incoming_msg helper
+  ([#1758](https://github.com/python-zeroconf/python-zeroconf/pull/1758),
+  [`cb0af4a`](https://github.com/python-zeroconf/python-zeroconf/commit/cb0af4a8f4cdaad3721a2851d9fa17709d39ae62))
+
+
 ## v0.149.12 (2026-05-20)
 
 ### Bug Fixes
diff --git a/README.rst b/README.rst
@@ -151,4 +151,10 @@ Changelog
 License
 =======
 
-LGPL, see COPYING file for details.
+GNU Lesser General Public License v2.1 or later (LGPL-2.1-or-later).
+
+The full text of LGPL 2.1 is included in the `COPYING <COPYING>`_ file.
+You may, at your option, use this library under the terms of any later
+version of the LGPL published by the Free Software Foundation. The
+canonical SPDX identifier for this project is ``LGPL-2.1-or-later``, as
+declared in ``pyproject.toml``.
diff --git a/pyproject.toml b/pyproject.toml
@@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"
 
 [project]
 name = "zeroconf"
-version = "0.149.12"
+version = "0.149.13"
 license = "LGPL-2.1-or-later"
 description = "A pure python implementation of multicast DNS service discovery"
 readme = "README.rst"
diff --git a/src/zeroconf/__init__.py b/src/zeroconf/__init__.py
@@ -88,7 +88,7 @@
 
 __author__ = "Paul Scott-Murphy, William McBrine"
 __maintainer__ = "Jakub Stasiak <jakub@stasiak.at>"
-__version__ = "0.149.12"
+__version__ = "0.149.13"
 __license__ = "LGPL"
 
 
diff --git a/src/zeroconf/_core.py b/src/zeroconf/_core.py
@@ -104,6 +104,13 @@
 
 _REGISTER_BROADCASTS = 3
 
+# RFC 6762 §8.1 thundering-herd avoidance: wait a random
+# 0-250ms before the first probe so simultaneously-started
+# responders don't collide. We default to 150-250ms to
+# preserve existing timing assumptions; tests on loopback
+# may patch this lower via the `quick_timing` fixture.
+_PROBE_RANDOM_DELAY_INTERVAL = (150, 250)  # ms
+
 
 def async_send_with_transport(
     log_debug: bool,
@@ -561,7 +568,7 @@ async def async_check_service(
 
         # Wait a random amount of time up avoid collisions and avoid
         # a thundering herd when multiple services are started on the network
-        await self.async_wait(random.randint(150, 250))  # noqa: S311
+        await self.async_wait(random.randint(*_PROBE_RANDOM_DELAY_INTERVAL))  # noqa: S311
 
         next_instance_number = 2
         next_time = now = current_time_millis()
diff --git a/src/zeroconf/_protocol/incoming.py b/src/zeroconf/_protocol/incoming.py
@@ -254,12 +254,27 @@ def _read_character_string(self) -> str:
         """Reads a character string from the packet"""
         length = self.view[self.offset]
         self.offset += 1
+        # Python slicing silently truncates when indices exceed the buffer,
+        # but self.offset still advances by the declared length below; without
+        # this check a record with an inflated character-string length would
+        # land in the cache carrying a payload shorter than the wire claimed
+        # and leave the parser pointed past _data_len for the next record.
+        if self.offset + length > self._data_len:
+            raise IncomingDecodeError(
+                f"Character string length {length} at offset {self.offset} overruns "
+                f"packet of {self._data_len} bytes from {self.source}"
+            )
         info = self.data[self.offset : self.offset + length].decode("utf-8", "replace")
         self.offset += length
         return info
 
     def _read_string(self, length: _int) -> bytes:
         """Reads a string of a given length from the packet"""
+        if self.offset + length > self._data_len:
+            raise IncomingDecodeError(
+                f"String length {length} at offset {self.offset} overruns "
+                f"packet of {self._data_len} bytes from {self.source}"
+            )
         info = self.data[self.offset : self.offset + length]
         self.offset += length
         return info
@@ -297,6 +312,19 @@ def _read_others(self) -> None:
                     self.data,
                     exc_info=True,
                 )
+            if rec is not None and self.offset != end:
+                # The decoded record consumed a different number of bytes than
+                # rdlength advertised. The record is built from a slice that
+                # straddles its rdata boundary, so drop it and resync to the
+                # declared end so the next record header lands aligned.
+                log.debug(
+                    "Record for %s with type %s did not consume exactly rdlength=%d; dropping",
+                    domain,
+                    _TYPES.get(type_, type_),
+                    length,
+                )
+                self.offset = end
+                rec = None
             if rec is not None:
                 self._answers.append(rec)
 
diff --git a/tests/conftest.py b/tests/conftest.py
@@ -140,32 +140,66 @@ def quick_timing() -> Generator[None]:
     """Shorten the probe/announce/goodbye/first-query intervals for tests on loopback.
 
     The production values (_CHECK_TIME=500ms, _REGISTER_TIME=225ms,
-    _UNREGISTER_TIME=125ms, _FIRST_QUERY_DELAY_RANDOM_INTERVAL=20-120ms)
-    exist for RFC 6762 interop on real networks (§8.1 thundering-herd
-    avoidance for probing, §5.2 for the initial-query delay). Tests on
-    127.0.0.1 do not need them and pay 1-2s per register/unregister
-    cycle and 20-120ms per ServiceBrowser startup without this fixture.
-    Opt in by adding `quick_timing` to a test's argument list.
+    _UNREGISTER_TIME=125ms, _PROBE_RANDOM_DELAY_INTERVAL=150-250ms,
+    _FIRST_QUERY_DELAY_RANDOM_INTERVAL=20-120ms) exist for RFC 6762
+    interop on real networks (§8.1 thundering-herd avoidance for
+    probing, §5.2 for the initial-query delay). Tests on 127.0.0.1
+    do not need them and pay 1-2s per register/unregister cycle,
+    150-250ms per probe, and 20-120ms per ServiceBrowser startup
+    without this fixture. Opt in either by adding `quick_timing`
+    to a test's argument list or via
+    `@pytest.mark.usefixtures("quick_timing")` on the test or
+    its class.
     """
     with (
         patch.object(_core, "_CHECK_TIME", 10),
         patch.object(_core, "_REGISTER_TIME", 10),
         patch.object(_core, "_UNREGISTER_TIME", 10),
+        patch.object(_core, "_PROBE_RANDOM_DELAY_INTERVAL", (1, 5)),
         patch.object(service_browser, "_FIRST_QUERY_DELAY_RANDOM_INTERVAL", (1, 5)),
     ):
         yield
 
 
+@pytest.fixture
+def quick_aggregation_timing() -> Generator[None]:
+    """Scale multicast aggregation / network-protection delays 10x for tests.
+
+    The aggregation tests in `tests/test_handlers.py` verify timing-
+    dependent behaviour of `MulticastOutgoingQueue`: aggregation window,
+    network protection (~1s), and protected aggregation. The behaviour
+    under test is a ratio of these constants — the exact wall-clock
+    values are not the contract — so scaling them down and the test
+    sleeps in lock-step preserves what is tested while dropping each
+    test from ~3s to ~0.3s.
+
+    The patches must be in place before `AsyncZeroconf(...)` is
+    constructed because `MulticastOutgoingQueue` reads the constants at
+    init time and stashes them on the instance. The per-queue
+    `_multicast_delay_random_min` / `_max` jitter (1-5ms here) can
+    still be set on the queue instance after construction by the test
+    itself — those slots are `cdef public` in the .pxd.
+    """
+    with (
+        patch.object(_core, "_AGGREGATION_DELAY", 50),
+        patch.object(_core, "_PROTECTED_AGGREGATION_DELAY", 20),
+        patch.object(_core, "_ONE_SECOND", 100),
+    ):
+        yield
+
+
 @pytest.fixture
 def quick_request_timing() -> Generator[None]:
     """Shorten the initial-query delay used by AsyncServiceInfo.async_request.
 
     The 200ms `_LISTENER_TIME` and 20-120ms random jitter (RFC 6762
     §5.2) help spread queries from multiple clients on real networks.
     On loopback they're pure overhead — get_service_info-style tests
-    wait ~250ms before the first query even fires. Opt in by adding
-    `quick_request_timing` to a test's argument list, then drop the
-    test's own timeouts (which had to accommodate that delay).
+    wait ~250ms before the first query even fires. Opt in either by
+    adding `quick_request_timing` to a test's argument list or via
+    `@pytest.mark.usefixtures("quick_request_timing")` on the test
+    or its class, then drop the test's own timeouts (which had to
+    accommodate that delay).
     """
     with (
         patch.object(service_info, "_LISTENER_TIME", 10),
diff --git a/tests/services/test_info.py b/tests/services/test_info.py
@@ -251,6 +251,7 @@ def test_service_info_rejects_expired_records(self):
 
     @unittest.skipIf(not has_working_ipv6(), "Requires IPv6")
     @unittest.skipIf(os.environ.get("SKIP_IPV6"), "IPv6 tests disabled")
+    @pytest.mark.usefixtures("quick_request_timing")
     def test_get_info_partial(self):
         zc = r.Zeroconf(interfaces=["127.0.0.1"])
 
diff --git a/tests/test_asyncio.py b/tests/test_asyncio.py
@@ -608,7 +608,7 @@ async def test_async_wait_unblocks_on_update(quick_timing: None) -> None:
 
 
 @pytest.mark.asyncio
-async def test_service_info_async_request(quick_timing: None) -> None:
+async def test_service_info_async_request(quick_timing: None, quick_request_timing: None) -> None:
     """Test registering services broadcasts and query with AsyncServceInfo.async_request."""
     if not has_working_ipv6() or os.environ.get("SKIP_IPV6"):
         pytest.skip("Requires IPv6")
@@ -710,13 +710,13 @@ async def test_service_info_async_request(quick_timing: None) -> None:
     aiozc.zeroconf.out_delay_queue.queue.clear()
     aiosinfo = AsyncServiceInfo(type_, registration_name)
     _clear_cache(aiozc.zeroconf)
-    # Generating the race condition is almost impossible
-    # without patching since its a TOCTOU race. 1500ms covers
-    # the initial _LISTENER_TIME + random delay (200-320ms) and
-    # leaves plenty of margin for the loopback response to land
+    # Generating the race condition is almost impossible without
+    # patching since it's a TOCTOU race. Under `quick_request_timing`
+    # the first QU query fires at ~10ms and the QM follow-up at ~15ms;
+    # 300ms leaves plenty of margin for the loopback response to land
     # before the loop times out.
     with patch("zeroconf.asyncio.AsyncServiceInfo._is_complete", False):
-        await aiosinfo.async_request(aiozc.zeroconf, 1500)
+        await aiosinfo.async_request(aiozc.zeroconf, 300)
     assert aiosinfo is not None
     assert aiosinfo.addresses == [socket.inet_aton("10.0.1.3")]
 
diff --git a/tests/test_handlers.py b/tests/test_handlers.py
diff --git a/tests/test_protocol.py b/tests/test_protocol.py
diff --git a/tests/test_services.py b/tests/test_services.py
diff --git a/tests/utils/test_asyncio.py b/tests/utils/test_asyncio.py
