mirror of
https://github.com/octoleo/syncthing.git
synced 2025-01-10 18:24:44 +00:00
Reject unreasonably large messages
We allocate a []byte to read the message into, so if the header says the messages is several gigabytes large we may run into trouble. In reality, a message should never be that large so we impose a limit.
This commit is contained in:
parent
c6f5075721
commit
f769df16e8
11
protocol.go
11
protocol.go
@ -15,7 +15,11 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
BlockSize = 128 * 1024
|
||||
// Data block size (128 KiB)
|
||||
BlockSize = 128 << 10
|
||||
|
||||
// We reject messages larger than this when encountered on the wire. (64 MiB)
|
||||
MaxMessageLen = 64 << 20
|
||||
)
|
||||
|
||||
const (
|
||||
@ -383,6 +387,11 @@ func (c *rawConnection) readMessage() (hdr header, msg encodable, err error) {
|
||||
l.Debugf("read header %v (msglen=%d)", hdr, msglen)
|
||||
}
|
||||
|
||||
if msglen > MaxMessageLen {
|
||||
err = fmt.Errorf("message length %d exceeds maximum %d", msglen, MaxMessageLen)
|
||||
return
|
||||
}
|
||||
|
||||
if hdr.version != 0 {
|
||||
err = fmt.Errorf("unknown protocol version 0x%x", hdr.version)
|
||||
return
|
||||
|
Loading…
Reference in New Issue
Block a user