octoleo/syncthing
1
0
Fork 0
mirror of https://github.com/octoleo/syncthing.git synced 2025-02-02 03:48:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor length check

Browse Source
This commit is contained in:
Jakob Borg 2013-12-21 23:52:20 +01:00
parent 5c1db4f0f4
commit 7d235a454d
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
protocol/marshal.go
View File

@ -1,6 +1,7 @@
package protocol package protocol
import ( import (
"errors"
"io" "io"
"github.com/calmh/syncthing/buffers" "github.com/calmh/syncthing/buffers"
@ -22,6 +23,13 @@ type marshalWriter struct {
err error err error
} }
// We will never encode nor expect to decode blobs larger than 10 MB. Check
// inserted to protect against attempting to allocate arbitrary amounts of
// memory when reading a corrupt message.
const maxBytesFieldLength = 10 * 1 << 20
var ErrFieldLengthExceeded = errors.New("Raw bytes field size exceeds limit")
func (w *marshalWriter) writeString(s string) { func (w *marshalWriter) writeString(s string) {
w.writeBytes([]byte(s)) w.writeBytes([]byte(s))
} }
@ -30,6 +38,10 @@ func (w *marshalWriter) writeBytes(bs []byte) {
if w.err != nil { if w.err != nil {
return return
} }
if len(bs) > maxBytesFieldLength {
w.err = ErrFieldLengthExceeded
return
}
w.writeUint32(uint32(len(bs))) w.writeUint32(uint32(len(bs)))
if w.err != nil { if w.err != nil {
return return
@ -91,10 +103,9 @@ func (r *marshalReader) readBytes() []byte {
if r.err != nil { if r.err != nil {
return nil return nil
} }
if l > 10*1<<20 { if l > maxBytesFieldLength {
// Individual blobs in BEP are not significantly larger than BlockSize. r.err = ErrFieldLengthExceeded
// BlockSize is not larger than 1MB. return nil
panic("too large read - protocol error or out of sync")
} }
b := buffers.Get(l + pad(l)) b := buffers.Get(l + pad(l))
_, r.err = io.ReadFull(r.r, b) _, r.err = io.ReadFull(r.r, b)