From 12374be9c51b0298c85751e4652fe4e852c85546 Mon Sep 17 00:00:00 2001
From: Jakob Unterwurzacher
Date: Sat, 10 Dec 2016 20:41:40 +0100
Subject: [PATCH] ctlsock: abort the connection if the request is too big Reading partial JSON would cause a mess. Just kill the connection. Also, stop using syscall.PathMax that is not defined on Darwin ( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
---
 internal/ctlsock/ctlsock_serve.go | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/internal/ctlsock/ctlsock_serve.go b/internal/ctlsock/ctlsock_serve.go
index a8e6766..7e60301 100644
--- a/internal/ctlsock/ctlsock_serve.go
+++ b/internal/ctlsock/ctlsock_serve.go
@@ -70,10 +70,15 @@ func (ch *ctlSockHandler) acceptLoop() {
 }
 }
 
+// The longest possible path is 4096 bytes on Linux and 1024 on Mac OS X so
+// 5000 bytes should be enough to hold the whole JSON request. This
+// assumes that the path does not contain too many characters that had to be
+// be escaped in JSON (for example, a null byte blows up to "\u0000").
+// We abort the connection if the request is bigger than this.
+const ReadBufSize = 5000
+
 func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
- // 2*PATH_MAX is definitely big enough for requests to decrypt or
- // encrypt paths.
- buf := make([]byte, 2*syscall.PathMax)
+ buf := make([]byte, ReadBufSize)
 for {
 n, err := conn.Read(buf)
 if err == io.EOF {
@@ -84,6 +89,11 @@ func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
 conn.Close()
 return
 }
+ if n == ReadBufSize {
+ tlog.Warn.Printf("ctlsock: request too big (max = %d bytes)", ReadBufSize-1)
+ conn.Close()
+ return
+ }
 buf = buf[:n]
 var in RequestStruct
 err = json.Unmarshal(buf, &in)
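Review bot: The comment above `ReadBufSize` does not follow the Go doc-comment convention for an exported constant, and it repeats a word across a line break ("had to be" / "be escaped"). It could open with `// ReadBufSize is the size of the ctlsock request buffer; a request that fills it completely is rejected and the connection is closed.` and keep the path-length rationale below that sentence. If nothing outside the package needs the value, which this diff does not show, an unexported `readBufSize` would keep the limit an internal detail. handleConnection continues past the end of this hunk.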
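Review bot: The new `n == ReadBufSize` check appears to work only for the first request on a connection, because the unchanged `buf = buf[:n]` just below it shrinks `buf` inside the `for` loop, so the next `conn.Read(buf)` can return at most the previous request's length. A longer follow-up request would then be cut short and passed to `json.Unmarshal` as partial JSON without the warning firing, which is the case this commit sets out to rule out; this assumes the loop lines hidden between the two hunks do not restore `buf`. Keeping the buffer at full length and slicing into a separate variable avoids it: `data := buf[:n]` followed by `err = json.Unmarshal(data, &in)`. The loop body continues outside the hunk.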