diff --git a/lib/messages.js b/lib/messages.js index 3956c16..3092467 100644 --- a/lib/messages.js +++ b/lib/messages.js @@ -136,7 +136,9 @@ var version = exports.version = { var nonce = new Buffer(8); buf.copy(nonce, 0, 72, 80); var decodedUa = UserAgent.decode(buf.slice(80)); + assert(decodedUa.length <= 5000, "User agent is too long"); var decodedStreams = structs.var_int_list.decode(decodedUa.rest); + assert(decodedStreams.list.length <= 160000, "Too many streams"); return { protoVersion: protoVersion, services: services, @@ -195,8 +197,10 @@ var version = exports.version = { var nonce = opts.nonce || version.randomNonce; assert(nonce.length === 8, "Bad nonce"); var port = opts.port || 8444; - var userAgent = opts.userAgent || UserAgent.SELF; + var userAgent = UserAgent.encode(opts.userAgent || UserAgent.SELF); + assert(userAgent.length <= 5000, "User agent is too long"); var streams = opts.streams || [1]; + assert(streams.length <= 160000, "Too many streams"); // Start encoding. var protoVersion = new Buffer(4); protoVersion.writeUInt32BE(util.PROTOCOL_VERSION, 0); @@ -219,7 +223,7 @@ var version = exports.version = { addrRecv, addrFrom, nonce, - UserAgent.encode(userAgent), + userAgent, structs.var_int_list.encode(streams), ]); }, diff --git a/tests/unit.js b/tests/unit.js index 6c142d0..1c3781e 100644 --- a/tests/unit.js +++ b/tests/unit.js @@ -517,6 +517,22 @@ describe("Message types", function() { })); expect(res.userAgent).to.equal("/test:0.0.1/"); }); + + it("shouldn't encode user agent longer than 5000 bytes", function() { + expect(version.encode.bind(null, { + remoteHost: "1.2.3.4", + remotePort: 8444, + userAgent: Buffer(6000), + })).to.throw(/agent is too long/i); + }); + + it("shouldn't include more than 160,000 stream numbers", function() { + expect(version.encode.bind(null, { + remoteHost: "1.2.3.4", + remotePort: 8444, + streams: Array.prototype.slice.apply(new Uint8Array(200000)), + })).to.throw(/many streams/i); + }); }); describe("addr", function() {