lib/net: Limit the maximum size of TCP or SSL input buffers

This commit is part 2 of 3 of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
Povilas Kanapickas
2021-11-01 05:18:52 +02:00
parent e33c81b835
commit af90f39b4a
2 changed files with 10 additions and 3 deletions


@@ -43,6 +43,7 @@
#define MAX_ERROR_SIZE 65535
static const std::size_t MAX_INPUT_BUFFER_SIZE = 1024 * 1024;
static const float s_retryDelay = 0.01f;
enum {
@@ -178,6 +179,10 @@ SecureSocket::doRead()
do {
m_inputBuffer.write(buffer, bytesRead);
if (m_inputBuffer.getSize() > MAX_INPUT_BUFFER_SIZE) {
break;
}
status = secureRead(buffer, sizeof(buffer), bytesRead);
if (status < 0) {
return kBreak;