diff options
| author | Jakob Borg <jakob@kastelo.net> | 2021-04-06 08:00:00 +0200 |
|---|---|---|
| committer | Jakob Borg <jakob@kastelo.net> | 2021-04-06 08:03:22 +0200 |
| commit | fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97 (patch) | |
| tree | 1d7214760c82ba00c4d3ecf002b92efb521898a4 | |
| parent | 0d7a77ba85c69f9e427981b906c9a4941c4c0f9c (diff) | |
| download | syncthing-fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97.tar.gz syncthing-fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97.zip | |
Merge pull request from GHSA-x462-89pf-6r5hv1.15.0
| -rw-r--r-- | lib/relay/protocol/protocol.go | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/lib/relay/protocol/protocol.go b/lib/relay/protocol/protocol.go index 97dee8d41..0bc079ab6 100644 --- a/lib/relay/protocol/protocol.go +++ b/lib/relay/protocol/protocol.go @@ -4,6 +4,7 @@ package protocol import ( "errors" + "fmt" "io" ) @@ -86,6 +87,9 @@ func ReadMessage(r io.Reader) (interface{}, error) { if header.magic != magic { return nil, errors.New("magic mismatch") } + if header.messageLength < 0 || header.messageLength > 1024 { + return nil, fmt.Errorf("bad length (%d)", header.messageLength) + } buf = make([]byte, int(header.messageLength)) if _, err := io.ReadFull(r, buf); err != nil { |