authorJakob Unterwurzacher2016-12-10 20:41:40 +0100
committerJakob Unterwurzacher2016-12-10 20:43:08 +0100
commit12374be9c51b0298c85751e4652fe4e852c85546 (patch)
treec1db2661518d8d67ce10839bb0cf672eecb7da07 /internal/ctlsock/ctlsock_serve.go
parent8945f4db95ec75dd1f9de763ae249d9e433d3732 (diff)
ctlsock: abort the connection if the request is too big
Reading partial JSON would cause a mess. Just kill the connection. Also, stop using syscall.PathMax, which is not defined on Darwin ( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
Diffstat (limited to 'internal/ctlsock/ctlsock_serve.go')
-rw-r--r--internal/ctlsock/ctlsock_serve.go16
1 files changed, 13 insertions, 3 deletions
diff --git a/internal/ctlsock/ctlsock_serve.go b/internal/ctlsock/ctlsock_serve.go
index a8e6766..7e60301 100644
--- a/internal/ctlsock/ctlsock_serve.go
+++ b/internal/ctlsock/ctlsock_serve.go
@@ -70,10 +70,15 @@ func (ch *ctlSockHandler) acceptLoop() {
}
}
+// The longest possible path is 4096 bytes on Linux and 1024 on Mac OS X so
+// 5000 bytes should be enough to hold the whole JSON request. This
+// assumes that the path does not contain too many characters that had to be
+// be escaped in JSON (for example, a null byte blows up to "\u0000").
+// We abort the connection if the request is bigger than this.
+const ReadBufSize = 5000
+
func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
- // 2*PATH_MAX is definitely big enough for requests to decrypt or
- // encrypt paths.
- buf := make([]byte, 2*syscall.PathMax)
+ buf := make([]byte, ReadBufSize)
for {
n, err := conn.Read(buf)
if err == io.EOF {
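Review bot: The doc comment on the exported constant `ReadBufSize` does not start with the constant's name, and it contains a doubled word ("had to be be escaped"). A first sentence such as `// ReadBufSize is the size of the request read buffer; a request that fills it completely is rejected and the connection is closed.` ahead of the existing rationale would follow the godoc convention. Nothing visible in this file section needs the name exported, so `readBufSize` may be enough; confirm that no other package or test refers to it.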
@@ -84,6 +89,11 @@ func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
conn.Close()
return
}
+ if n == ReadBufSize {
+ tlog.Warn.Printf("ctlsock: request too big (max = %d bytes)", ReadBufSize-1)
+ conn.Close()
+ return
+ }
buf = buf[:n]
var in RequestStruct
err = json.Unmarshal(buf, &in)
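Review bot: The new `n == ReadBufSize` check is only effective for the first request on a connection, because `buf = buf[:n]` right after it shrinks the slice that the next `conn.Read(buf)` at the top of the loop reads into. After a short first request, len(buf) is that request's length, so a longer follow-up request is read in pieces and handed to json.Unmarshal as partial JSON, which is the situation this commit sets out to avoid, and n can no longer reach ReadBufSize. Keeping the full buffer and slicing into a separate variable fixes both: `data := buf[:n]` followed by `err = json.Unmarshal(data, &in)`. The rest of the loop body lies outside the hunk, so this assumes buf is not restored to full length there.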