From ec616a0151e452fe1eb3198218a429fac8a06609 Mon Sep 17 00:00:00 2001
From: Kagami Hiiragi <kagami@genshiken.org>
Date: Thu, 15 Jan 2015 23:19:52 +0300
Subject: [PATCH] Check for number of addr entries

---
 lib/messages.js | 2 ++
 test.js         | 5 +++++
 2 files changed, 7 insertions(+)

diff --git a/lib/messages.js b/lib/messages.js
index 0909560..edc34f0 100644
--- a/lib/messages.js
+++ b/lib/messages.js
@@ -112,6 +112,7 @@ exports.addr = {
   decode: function(buf) {
     var decoded = structs.var_int.decode(buf);
     var listLength = decoded.value;
+    assert(listLength <= 1000, "Too many address entires");
     var length = decoded.length + listLength * 38;
     assert(buf.length >= length, "Buffer is too small");
     var rest = decoded.rest;
@@ -132,6 +133,7 @@ exports.addr = {
    * @return {Buffer} Encoded `addr` payload.
    */
   encode: function(addrs) {
+    assert(addrs.length <= 1000, "Too many address entires");
     var addrsBuf = Buffer.concat(addrs.map(structs.net_addr.encode));
     return Buffer.concat([structs.var_int.encode(addrs.length), addrsBuf]);
   },
diff --git a/test.js b/test.js
index 971dc58..cffaa96 100644
--- a/test.js
+++ b/test.js
@@ -320,6 +320,11 @@ describe("Message types", function() {
       expect(res.addrs[1].host).to.equal("ff:0:0:0:0:0:0:1");
       expect(res.addrs[1].port).to.equal(18444);
     });
+
+    it("shouldn't encode/decode more than 1000 entires", function() {
+      expect(addr.encode.bind(null, Array(2000))).to.throw(/too many/i);
+      expect(addr.decode.bind(null, var_int.encode(2000))).to.throw(/too many/i);
+    });
   });
 });