lib/net: Limit the maximum size of TCP or SSL input buffers
This commit is the 2/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
(cherry picked from commit af90f39b4a
)
This commit is contained in:
parent
f546af4a85
commit
d762ab7d50
|
@ -40,6 +40,7 @@
|
|||
|
||||
#define MAX_ERROR_SIZE 65535
|
||||
|
||||
static const std::size_t MAX_INPUT_BUFFER_SIZE = 1024 * 1024;
|
||||
static const float s_retryDelay = 0.01f;
|
||||
|
||||
enum {
|
||||
|
@ -180,7 +181,11 @@ SecureSocket::doRead()
|
|||
// slurp up as much as possible
|
||||
do {
|
||||
m_inputBuffer.write(buffer, bytesRead);
|
||||
|
||||
|
||||
if (m_inputBuffer.getSize() > MAX_INPUT_BUFFER_SIZE) {
|
||||
break;
|
||||
}
|
||||
|
||||
status = secureRead(buffer, sizeof(buffer), bytesRead);
|
||||
if (status < 0) {
|
||||
return kBreak;
|
||||
|
|
|
@ -33,9 +33,7 @@
|
|||
#include <cstdlib>
|
||||
#include <memory>
|
||||
|
||||
//
|
||||
// TCPSocket
|
||||
//
|
||||
static const std::size_t MAX_INPUT_BUFFER_SIZE = 1024 * 1024;
|
||||
|
||||
TCPSocket::TCPSocket(IEventQueue* events, SocketMultiplexer* socketMultiplexer, IArchNetwork::EAddressFamily family) :
|
||||
IDataSocket(events),
|
||||
|
@ -345,6 +343,10 @@ TCPSocket::doRead()
|
|||
do {
|
||||
m_inputBuffer.write(buffer, (UInt32)bytesRead);
|
||||
|
||||
if (m_inputBuffer.getSize() > MAX_INPUT_BUFFER_SIZE) {
|
||||
break;
|
||||
}
|
||||
|
||||
bytesRead = ARCH->readSocket(m_socket, buffer, sizeof(buffer));
|
||||
} while (bytesRead > 0);
|
||||
|
||||
|
|
Loading…
Reference in New Issue