author | Jakob Unterwurzacher | 2016-12-10 20:41:40 +0100 |
---|---|---|
committer | Jakob Unterwurzacher | 2016-12-10 20:43:08 +0100 |
commit | 12374be9c51b0298c85751e4652fe4e852c85546 (patch) | |
tree | c1db2661518d8d67ce10839bb0cf672eecb7da07 /internal/ctlsock | |
parent | 8945f4db95ec75dd1f9de763ae249d9e433d3732 (diff) |
ctlsock: abort the connection if the request is too big
Reading partial JSON would cause a mess. Just kill the connection.
Also, stop using syscall.PathMax that is not defined on Darwin
( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
Diffstat (limited to 'internal/ctlsock')
-rw-r--r-- | internal/ctlsock/ctlsock_serve.go | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/internal/ctlsock/ctlsock_serve.go b/internal/ctlsock/ctlsock_serve.go
index a8e6766..7e60301 100644
--- a/internal/ctlsock/ctlsock_serve.go
+++ b/internal/ctlsock/ctlsock_serve.go
@@ -70,10 +70,15 @@ func (ch *ctlSockHandler) acceptLoop() {
 }
 }
 
+// The longest possible path is 4096 bytes on Linux and 1024 on Mac OS X so
+// 5000 bytes should be enough to hold the whole JSON request. This
+// assumes that the path does not contain too many characters that had to be
+// be escaped in JSON (for example, a null byte blows up to "\u0000").
+// We abort the connection if the request is bigger than this.
+const ReadBufSize = 5000
+
 func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
- // 2*PATH_MAX is definitely big enough for requests to decrypt or
- // encrypt paths.
- buf := make([]byte, 2*syscall.PathMax)
+ buf := make([]byte, ReadBufSize)
 for {
 n, err := conn.Read(buf)
 if err == io.EOF {
@@ -84,6 +89,11 @@ func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
 conn.Close()
 return
 }
+ if n == ReadBufSize {
+ tlog.Warn.Printf("ctlsock: request too big (max = %d bytes)", ReadBufSize-1)
+ conn.Close()
+ return
+ }
 buf = buf[:n]
 var in RequestStruct
 err = json.Unmarshal(buf, &in) |
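Review bot: The doc comment on `ReadBufSize` names a case that breaks its own bound: if one byte can expand to six characters (`\u0000`), a path well under the 4096-byte limit can produce a request larger than 5000 bytes, and the second hunk then closes the connection on it. I would state this as a hard protocol limit rather than "should be enough", for example `// ReadBufSize is the read buffer size; a request of ReadBufSize bytes or more is rejected and the connection is closed.` The comment also has a doubled word ("had to be be escaped"). The constant is exported although nothing in this hunk shows a use outside the package; `readBufSize` would keep it internal.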
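Review bot: The new `n == ReadBufSize` check is only reliable for the first request on a connection, because `buf = buf[:n]` just below it reslices the same variable that the next `conn.Read(buf)` reads into. Unless `buf` is reset in the part of the loop outside this hunk, a second request is read into a buffer only as long as the first one, `n` can no longer reach `ReadBufSize`, and a truncated request goes to `json.Unmarshal`, which is the partial-JSON case this commit sets out to stop. Keeping the full buffer and slicing into a new name avoids that: `data := buf[:n]` followed by `err = json.Unmarshal(data, &in)`. Separately, if the socket is stream-oriented, one `Read` is not guaranteed to return exactly one request, so a length check on a single read does not establish that the JSON is complete; `handleConnection` continues outside the hunk.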