feat(tonic): Add limitation on body length

JustRustThings · Aug 12, 2022 · afcaea8 · afcaea8
1 parent d6eb8ed
commit afcaea8
Showing 1 changed file with 17 additions and 1 deletion.
diff --git a/tonic/src/codec/decode.rs b/tonic/src/codec/decode.rs
@@ -222,7 +222,23 @@ impl<T> Streaming<T> {
                 }
             };
             let len = self.buf.get_u32() as usize;
-            self.buf.reserve(len);
+
+            // limit message to 100 Mo
+            if len > 1024 * 1024 * 100 {
+                return Err(Status::invalid_argument(format!(
+                    "Body exceeds allowed length ({})",
+                    len
+                )));
+            }
+            // use fallible allocation
+            // needs patch in bytes for adding `try_reserve`
+            if let Err(err) = self.buf.try_reserve(len) {
+                return Err(Status::internal(format!(
+                    "Could not allocate buffer (needed size: {}): {}",
+                    len,                    
+                    err
+                )));
+            }
 
             self.state = State::ReadBody {
                 compression: compression_encoding,