diff options
Diffstat (limited to 'internal/ctlsock/ctlsock_serve.go')
-rw-r--r-- | internal/ctlsock/ctlsock_serve.go | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/internal/ctlsock/ctlsock_serve.go b/internal/ctlsock/ctlsock_serve.go index a8e6766..7e60301 100644 --- a/internal/ctlsock/ctlsock_serve.go +++ b/internal/ctlsock/ctlsock_serve.go @@ -70,10 +70,15 @@ func (ch *ctlSockHandler) acceptLoop() { } } +// The longest possible path is 4096 bytes on Linux and 1024 on Mac OS X so +// 5000 bytes should be enough to hold the whole JSON request. This +// assumes that the path does not contain too many characters that had to be +// be escaped in JSON (for example, a null byte blows up to "\u0000"). +// We abort the connection if the request is bigger than this. +const ReadBufSize = 5000 + func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) { - // 2*PATH_MAX is definitely big enough for requests to decrypt or - // encrypt paths. - buf := make([]byte, 2*syscall.PathMax) + buf := make([]byte, ReadBufSize) for { n, err := conn.Read(buf) if err == io.EOF { @@ -84,6 +89,11 @@ func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) { conn.Close() return } + if n == ReadBufSize { + tlog.Warn.Printf("ctlsock: request too big (max = %d bytes)", ReadBufSize-1) + conn.Close() + return + } buf = buf[:n] var in RequestStruct err = json.Unmarshal(buf, &in) |