From c27f6d6320497057cdf1c5af5f59e2a46c5947f8 Mon Sep 17 00:00:00 2001
From: Matthias Radestock <matthias.radestock@gmail.com>
Date: Fri, 17 Jul 2015 17:00:58 +0100
Subject: [PATCH] enforce a message size limit

so we do not allocate loads of memory when receiving (accidental or
deliberate) garbage
---
 router/consts.go | 1 +
 router/crypto.go | 6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/router/consts.go b/router/consts.go
index 1acfc18bca..6591236a0e 100644
--- a/router/consts.go
+++ b/router/consts.go
@@ -25,6 +25,7 @@ const (
 	MaxDuration         = time.Duration(math.MaxInt64)
 	MaxMissedHeartbeats = 6
 	HeartbeatTimeout    = MaxMissedHeartbeats * SlowHeartbeat
+	MaxTCPMsgSize       = 10 * 1024 * 1024
 )
 
 var (
diff --git a/router/crypto.go b/router/crypto.go
index 9a649d0af3..852d927ea0 100644
--- a/router/crypto.go
+++ b/router/crypto.go
@@ -361,6 +361,9 @@ func NewLengthPrefixTCPSender(writer io.Writer) *LengthPrefixTCPSender {
 
 func (sender *LengthPrefixTCPSender) Send(msg []byte) error {
 	l := len(msg)
+	if l > MaxTCPMsgSize {
+		return fmt.Errorf("outgoing message exceeds maximum size: %d > %d", l, MaxTCPMsgSize)
+	}
 	prefixedMsg := make([]byte, 4+l)
 	binary.BigEndian.PutUint32(prefixedMsg, uint32(l))
 	copy(prefixedMsg[4:], msg)
@@ -417,6 +420,9 @@ func (receiver *LengthPrefixTCPReceiver) Receive() ([]byte, error) {
 		return nil, err
 	}
 	l := binary.BigEndian.Uint32(lenPrefix)
+	if l > MaxTCPMsgSize {
+		return nil, fmt.Errorf("incoming message exceeds maximum size: %d > %d", l, MaxTCPMsgSize)
+	}
 	msg := make([]byte, l)
 	_, err := io.ReadFull(receiver.reader, msg)
 	return msg, err