From ec616a0151e452fe1eb3198218a429fac8a06609 Mon Sep 17 00:00:00 2001 From: Kagami Hiiragi Date: Thu, 15 Jan 2015 23:19:52 +0300 Subject: [PATCH] Check for number of addr entries --- lib/messages.js | 2 ++ test.js | 5 +++++ 2 files changed, 7 insertions(+) diff --git a/lib/messages.js b/lib/messages.js index 0909560..edc34f0 100644 --- a/lib/messages.js +++ b/lib/messages.js @@ -112,6 +112,7 @@ exports.addr = { decode: function(buf) { var decoded = structs.var_int.decode(buf); var listLength = decoded.value; + assert(listLength <= 1000, "Too many address entires"); var length = decoded.length + listLength * 38; assert(buf.length >= length, "Buffer is too small"); var rest = decoded.rest; @@ -132,6 +133,7 @@ exports.addr = { * @return {Buffer} Encoded `addr` payload. */ encode: function(addrs) { + assert(addrs.length <= 1000, "Too many address entires"); var addrsBuf = Buffer.concat(addrs.map(structs.net_addr.encode)); return Buffer.concat([structs.var_int.encode(addrs.length), addrsBuf]); }, diff --git a/test.js b/test.js index 971dc58..cffaa96 100644 --- a/test.js +++ b/test.js @@ -320,6 +320,11 @@ describe("Message types", function() { expect(res.addrs[1].host).to.equal("ff:0:0:0:0:0:0:1"); expect(res.addrs[1].port).to.equal(18444); }); + + it("shouldn't encode/decode more than 1000 entires", function() { + expect(addr.encode.bind(null, Array(2000))).to.throw(/too many/i); + expect(addr.decode.bind(null, var_int.encode(2000))).to.throw(/too many/i); + }); }); });