summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--internal/ctlsock/ctlsock_serve.go16
1 files changed, 13 insertions, 3 deletions
diff --git a/internal/ctlsock/ctlsock_serve.go b/internal/ctlsock/ctlsock_serve.go
index a8e6766..7e60301 100644
--- a/internal/ctlsock/ctlsock_serve.go
+++ b/internal/ctlsock/ctlsock_serve.go
@@ -70,10 +70,15 @@ func (ch *ctlSockHandler) acceptLoop() {
}
}
+// The longest possible path is 4096 bytes on Linux and 1024 on Mac OS X so
+// 5000 bytes should be enough to hold the whole JSON request. This
+// assumes that the path does not contain too many characters that had to be
+// be escaped in JSON (for example, a null byte blows up to "\u0000").
+// We abort the connection if the request is bigger than this.
+const ReadBufSize = 5000
+
func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
- // 2*PATH_MAX is definitely big enough for requests to decrypt or
- // encrypt paths.
- buf := make([]byte, 2*syscall.PathMax)
+ buf := make([]byte, ReadBufSize)
for {
n, err := conn.Read(buf)
if err == io.EOF {
@@ -84,6 +89,11 @@ func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
conn.Close()
return
}
+ if n == ReadBufSize {
+ tlog.Warn.Printf("ctlsock: request too big (max = %d bytes)", ReadBufSize-1)
+ conn.Close()
+ return
+ }
buf = buf[:n]
var in RequestStruct
err = json.Unmarshal(buf, &in)