ctlsock: abort the connection if the request is too big

Reading partial JSON would cause a mess. Just kill the connection. Also, stop using syscall.PathMax that is not defined on Darwin ( https://github.com/rfjakob/gocryptfs/issues/15#issuecomment-264253024 )
2016-12-10 20:41:40 +01:00 · 2016-12-10 20:41:40 +01:00 · 12374be9c5
commit 12374be9c5
parent 8945f4db95
1 changed files with 13 additions and 3 deletions
--- a/internal/ctlsock/ctlsock_serve.go
+++ b/internal/ctlsock/ctlsock_serve.go
@ -70,10 +70,15 @@ func (ch *ctlSockHandler) acceptLoop() {
 	}
 }

+// The longest possible path is 4096 bytes on Linux and 1024 on Mac OS X so
+// 5000 bytes should be enough to hold the whole JSON request. This
+// assumes that the path does not contain too many characters that had to be
+// be escaped in JSON (for example, a null byte blows up to "\u0000").
+// We abort the connection if the request is bigger than this.
+const ReadBufSize = 5000
+
 func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
-	// 2*PATH_MAX is definitely big enough for requests to decrypt or
-	// encrypt paths.
-	buf := make([]byte, 2*syscall.PathMax)
+	buf := make([]byte, ReadBufSize)
 	for {
 		n, err := conn.Read(buf)
 		if err == io.EOF {
@ -84,6 +89,11 @@ func (ch *ctlSockHandler) handleConnection(conn *net.UnixConn) {
 			conn.Close()
 			return
 		}
+		if n == ReadBufSize {
+			tlog.Warn.Printf("ctlsock: request too big (max = %d bytes)", ReadBufSize-1)
+			conn.Close()
+			return
+		}
 		buf = buf[:n]
 		var in RequestStruct
 		err = json.Unmarshal(buf, &in)