feat(tonic): Add limitation on body length

JustRustThings · Jul 19, 2022 · dd530db · dd530db
1 parent 87d728e
commit dd530db
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/tonic/src/codec/decode.rs b/tonic/src/codec/decode.rs
@@ -240,7 +240,23 @@ impl<T> Streaming<T> {
                 }
             };
             let len = self.buf.get_u32() as usize;
-            self.buf.reserve(len);
+
+            // limit message to 100 Mo
+            if len > 1024 * 1024 * 100 {
+                return Err(Status::invalid_argument(format!(
+                    "Body exceeds allowed length ({})",
+                    len
+                )));
+            }
+            // use fallible allocation
+            // needs patch in bytes for adding `try_reserve`
+            if let Err(err) = self.buf.try_reserve(len) {
+                return Err(Status::internal(format!(
+                    "Could not allocate buffer (needed size: {}): {}",
+                    len,                    
+                    err
+                )));
+            }
 
             self.state = State::ReadBody {
                 compression: is_compressed,