i2p: limit the size of incoming messages

Put a limit on the amount of data `Sock::RecvUntilTerminator()` can read if no terminator is received. In the case of I2P this avoids a runaway (or malicious) I2P proxy sending us tons of data without a terminator before a timeout is triggered.
author: Vasil Dimov <vd@FreeBSD.org> 2021-03-10 12:07:08 +0100
committer: Vasil Dimov <vd@FreeBSD.org> 2021-03-16 11:00:57 +0100
commit: 80a5a8ea2b7ad512c74c29df5b504e9be6cf23a0 (patch)
tree: 4afdcf0bdbde9a1692073c09d5f66aa04efc3a5c /src/i2p.h
parent: 7cdadf91d513250b983b6a1c4672a6acc0dcf074 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/i2p.h b/src/i2p.h
index 8fafe0a4d0..1ebe7d0329 100644
--- a/src/i2p.h
+++ b/src/i2p.h
@@ -41,6 +41,14 @@ struct Connection {
 namespace sam {
 
 /**
+ * The maximum size of an incoming message from the I2P SAM proxy (in bytes).
+ * Used to avoid a runaway proxy from sending us an "unlimited" amount of data without a terminator.
+ * The longest known message is ~1400 bytes, so this is high enough not to be triggered during
+ * normal operation, yet low enough to avoid a malicious proxy from filling our memory.
+ */
+static constexpr size_t MAX_MSG_SIZE{65536};
+
+/**
  * I2P SAM session.
  */
 class Session
author	Vasil Dimov <vd@FreeBSD.org>	2021-03-10 12:07:08 +0100
committer	Vasil Dimov <vd@FreeBSD.org>	2021-03-16 11:00:57 +0100
commit	80a5a8ea2b7ad512c74c29df5b504e9be6cf23a0 (patch)
tree	4afdcf0bdbde9a1692073c09d5f66aa04efc3a5c /src/i2p.h
parent	7cdadf91d513250b983b6a1c4672a6acc0dcf074 (diff)