From 79229a92c3836ee70f238c3f8906abf91e4e46f6 Mon Sep 17 00:00:00 2001 From: Luke Shumaker Date: Fri, 8 Sep 2017 22:00:38 -0400 Subject: nslcd_server: Add a request size limit --- nslcd_server/func_handlerequest.go.gen | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'nslcd_server') diff --git a/nslcd_server/func_handlerequest.go.gen b/nslcd_server/func_handlerequest.go.gen index af36e84..7c28e7c 100755 --- a/nslcd_server/func_handlerequest.go.gen +++ b/nslcd_server/func_handlerequest.go.gen @@ -26,6 +26,7 @@ package nslcd_server import ( "fmt" + "io" "os" "time" @@ -53,6 +54,10 @@ type Limits struct { // How long can we spend writing a response? WriteTimeout time.Duration + + // What is the maximum request length in bytes that we are + // willing to handle? + RequestMaxSize int64 } type Conn interface { @@ -92,13 +97,19 @@ func HandleRequest(backend Backend, limits Limits, conn Conn, cred unix.Ucred) ( } } + var in io.Reader = conn + if limits.RequestMaxSize > 0 { + in = &io.LimitedReader{R: in, N: limits.RequestMaxSize} + } + out := conn + var version int32 - maybePanic(p.Read(conn, &version)) + maybePanic(p.Read(in, &version)) if version != p.NSLCD_VERSION { return p.NslcdError(fmt.Sprintf("Version mismatch: server=%#08x client=%#08x", p.NSLCD_VERSION, version)) } var action int32 - maybePanic(p.Read(conn, &action)) + maybePanic(p.Read(in, &action)) switch action { $( @@ -106,7 +117,7 @@ while read -r request; do cat <
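Review bot: The comment added for `RequestMaxSize` in `Limits` does not say what the zero value means, yet the `HandleRequest` hunk applies the limit only when `limits.RequestMaxSize > 0`. A caller that builds `Limits` without setting the field therefore gets no size limit at all. I would state that on the field, for example `// A value <= 0 means no limit is enforced.`, so the unlimited default is a visible choice for whoever configures the server. The opening of the struct is outside the hunk.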
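Review bot: A request that exceeds `RequestMaxSize` will probably look the same as a truncated one in `HandleRequest`, because `io.LimitedReader` returns plain `io.EOF` once `N` reaches zero and the `p.Read(in, ...)` calls hand any error straight to `maybePanic`. How `p.Read` and `maybePanic` treat EOF is not visible in this hunk, so that part is inferred. If operators should be able to tell a client hitting the limit from a dropped connection, keep the limited reader in its own variable, e.g. `lr := &io.LimitedReader{R: conn, N: limits.RequestMaxSize}`, and on the error path report a distinct "request too large" error when `lr.N <= 0`. The body of `HandleRequest` starts and ends outside the hunk.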