frame: reject frames that are too big for the RAM

Fixes #34. Signed-off-by: Alexey Galakhov <agalakhov@snapview.de>
6 years ago · 9bd65feaeb
parent 977c6e7c7a
commit 9bd65feaeb
1 changed files with 7 additions and 2 deletions
--- a/src/protocol/frame/frame.rs
+++ b/src/protocol/frame/frame.rs
@ -342,11 +342,17 @@ impl Frame {
            None
        };

+        // Make sure `length` is not too big (fits into `usize`).
+        if length > usize::max_value() as u64 {
+            return Err(Error::Capacity(format!("Message length too big: {}", length).into()));
+        }
+
        if size < header_length || size - header_length < length {
            cursor.set_position(initial);
            return Ok(None)
        }

+        // Size is checked above, so it won't be truncated here.
        let mut data = Vec::with_capacity(length as usize);
        if length > 0 {
            unsafe {
@ -518,7 +524,6 @@ mod tests {
            0x83, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
            0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
        ]);
-        let frame_none = Frame::parse(&mut raw).unwrap();
-        assert!(frame_none.is_none());
+        let _ = Frame::parse(&mut raw); // should not crash
    }
 }