i2p: limit the size of incoming messages

Put a limit on the amount of data `Sock::RecvUntilTerminator()` can read if no terminator is received. In the case of I2P this avoids a runaway (or malicious) I2P proxy sending us tons of data without a terminator before a timeout is triggered.
2025-11-13 07:28:59 +01:00 · 2021-03-10 12:07:08 +01:00
parent 7cdadf91d5
commit 80a5a8ea2b
4 changed files with 22 additions and 5 deletions
--- a/src/util/sock.cpp
+++ b/src/util/sock.cpp
@@ -175,7 +175,8 @@ void Sock::SendComplete(const std::string& data,

 std::string Sock::RecvUntilTerminator(uint8_t terminator,
                                      std::chrono::milliseconds timeout,
-                                      CThreadInterrupt& interrupt) const
+                                      CThreadInterrupt& interrupt,
+                                      size_t max_data) const
 {
    const auto deadline = GetTime<std::chrono::milliseconds>() + timeout;
    std::string data;
@@ -190,9 +191,14 @@ std::string Sock::RecvUntilTerminator(uint8_t terminator,
    // at a time is about 50 times slower.

    for (;;) {
+        if (data.size() >= max_data) {
+            throw std::runtime_error(
+                strprintf("Received too many bytes without a terminator (%u)", data.size()));
+        }
+
        char buf[512];

-        const ssize_t peek_ret{Recv(buf, sizeof(buf), MSG_PEEK)};
+        const ssize_t peek_ret{Recv(buf, std::min(sizeof(buf), max_data - data.size()), MSG_PEEK)};

        switch (peek_ret) {
        case -1: {
--- a/src/util/sock.h
+++ b/src/util/sock.h
@@ -135,13 +135,16 @@ public:
     * @param[in] terminator Character up to which to read from the socket.
     * @param[in] timeout Timeout for the entire operation.
     * @param[in] interrupt If this is signaled then the operation is canceled.
+     * @param[in] max_data The maximum amount of data (in bytes) to receive. If this many bytes
+     * are received and there is still no terminator, then this method will throw an exception.
     * @return The data that has been read, without the terminating character.
     * @throws std::runtime_error if the operation cannot be completed. In this case some bytes may
     * have been consumed from the socket.
     */
    virtual std::string RecvUntilTerminator(uint8_t terminator,
                                            std::chrono::milliseconds timeout,
-                                            CThreadInterrupt& interrupt) const;
+                                            CThreadInterrupt& interrupt,
+                                            size_t max_data) const;

    /**
     * Check if still connected.