From 14979c96cea08aff95bab7d18205472192bf797a Mon Sep 17 00:00:00 2001
From: Adam Dobrawy <ad-m@users.noreply.github.com>
Date: Sun, 30 Apr 2017 21:00:33 +0200
Subject: [PATCH] Limit metadata size

Malicious or malfunctioning peer can try send a huge metadata size what causes huge memory usage and to overflow them.
---
 magneticod/magneticod/bittorrent.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/magneticod/magneticod/bittorrent.py b/magneticod/magneticod/bittorrent.py
index 9e4ac54..2e37492 100644
--- a/magneticod/magneticod/bittorrent.py
+++ b/magneticod/magneticod/bittorrent.py
@@ -22,6 +22,7 @@ import os
 
 from . import bencode
 
+MAX_METADATA_SIZE = 5*1024*1024
 
 InfoHash = bytes
 PeerAddress = typing.Tuple[str, int]
@@ -209,7 +210,8 @@ class DisposablePeer:
             # Just to make sure that the remote peer supports ut_metadata extension:
             ut_metadata = msg_dict[b"m"][b"ut_metadata"]
             metadata_size = msg_dict[b"metadata_size"]
-            assert metadata_size > 0
+            assert metadata_size > 0, "Invalid (empty) metada size"
+            assert metadata_size < MAX_METADATA_SIZE, "Malicious or malfunctioning peer tried send a huge metadata size"
         except (AssertionError, KeyError):
             self.when_error()
             return