commit aeb5a5786f903c4fddf353eb40e5803518ac88dd
from: Omar Polo <op@omarpolo.com>
date: Wed Jul 28 19:55:46 2021 UTC

reject messages larger than msize

commit - 4321cc20b2928d088d2d73ee0cb58d92e85c7811
commit + aeb5a5786f903c4fddf353eb40e5803518ac88dd
blob - 38602244dd61040c59d3cda54c5d6885507ef046
blob + b9cb509cb9873fee593543536b0fc8c8a5b486ae
--- listener.c
+++ listener.c
@@ -51,6 +51,7 @@ SPLAY_HEAD(clients_tree_id, client) clients;
 struct client {
 	uint32_t		 id;
 	uint32_t		 lid;
+	uint32_t		 msize;
 	int			 fd;
 	int			 done;
 	struct tls		*ctx;
@@ -610,6 +611,7 @@ handle_accept(int fd, short ev, void *data)
 	}
 
 	c = xcalloc(1, sizeof(*c));
+	c->msize = MSIZE9P;
 	c->lid = listen->id;
 	c->iev.ibuf.fd = -1;
 
@@ -685,6 +687,13 @@ client_read(struct bufferevent *bev, void *d)
 		    "(of wich %zu already read)",
 		    len, EVBUFFER_LENGTH(src));
 
+		if (len > client->msize) {
+			log_warnx("incoming message bigger than msize "
+			    "(%"PRIu32" vs %"PRIu32")", len, client->msize);
+			client_error(bev, EVBUFFER_READ, client);
+			return;
+		}
+
 		if (len > EVBUFFER_LENGTH(src))
 			return;