i2p: limit the size of incoming messages

Put a limit on the amount of data `Sock::RecvUntilTerminator()` can read
if no terminator is received.

In the case of I2P this avoids a runaway (or malicious) I2P proxy
sending us tons of data without a terminator before a timeout is
triggered.
Vasil Dimov
2021-03-10 12:07:08 +01:00
parent 7cdadf91d5
commit 80a5a8ea2b
4 changed files with 22 additions and 5 deletions

@@ -40,6 +40,14 @@ struct Connection {
namespace sam {
/**
* The maximum size of an incoming message from the I2P SAM proxy (in bytes).
* Used to avoid a runaway proxy from sending us an "unlimited" amount of data without a terminator.
* The longest known message is ~1400 bytes, so this is high enough not to be triggered during
* normal operation, yet low enough to avoid a malicious proxy from filling our memory.
*/
static constexpr size_t MAX_MSG_SIZE{65536};
/**
* I2P SAM session.
*/
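Review bot: the doc comment on `MAX_MSG_SIZE` explains why the limit exists but not what happens when it is reached. Please state there whether receiving 65536 bytes without a terminator is reported as an error that ends the session, and whether the terminator itself counts toward the limit, so the contract can be understood without reading `Sock::RecvUntilTerminator()`. Wording nit in the same comment: "avoid a runaway proxy from sending" and "avoid a malicious proxy from filling" would read better as "prevent a ... proxy from ...".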