From 738e5c1e0f8b42da5034cef79d94db7d760341e5 Mon Sep 17 00:00:00 2001 From: "Bora M. Alper" Date: Sun, 19 May 2019 17:23:36 +0100 Subject: [PATCH] [magneticod] fix OOM caused by large BT msg size --- cmd/magneticod/bittorrent/metadata/leech.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cmd/magneticod/bittorrent/metadata/leech.go b/cmd/magneticod/bittorrent/metadata/leech.go index db44dcc..438891e 100644 --- a/cmd/magneticod/bittorrent/metadata/leech.go +++ b/cmd/magneticod/bittorrent/metadata/leech.go @@ -184,6 +184,14 @@ func (l *Leech) readMessage() ([]byte, error) { rLength := uint(binary.BigEndian.Uint32(rLengthB)) + // Some malicious/faulty peers say that they are sending a very long + // message, and hence causing us to run out of memory. + // This is a crude check that does not let it happen (i.e. boundary can probably be + // tightened a lot more.) + if rLength > MAX_METADATA_SIZE { + return nil, errors.New("message is longer than max allowed metadata size") + } + rMessage, err := l.readExactly(rLength) if err != nil { return nil, errors.Wrap(err, "readExactly rMessage")