Check max message payload length

Relates: Bitmessage/PyBitmessage#767

README.md

@@ -85,7 +85,7 @@ console.log("Deterministic Bitmessage address:", addr2.encode());
 
 bitmessage - JavaScript Bitmessage library
 
-Written in 2014 by Kagami Hiiragi <kagami@genshiken.org>
+Written in 2014-2015 by Kagami Hiiragi <kagami@genshiken.org>
 
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
 

lib/structs.js

@@ -118,7 +118,7 @@ var message = exports.message = {
     // Payload length.
     var payloadLength = buf.readUInt32BE(16, true);
     var msgLength = 24 + payloadLength;
-    // See also: <https://github.com/Bitmessage/PyBitmessage/issues/767>.
+    // See: <https://github.com/Bitmessage/PyBitmessage/issues/767>.
     if (payloadLength > 1600003) {
       res.error = new Error("Message is too large, skipping it");
       if (buf.length > msgLength) {
@@ -193,6 +193,7 @@ var message = exports.message = {
     // than default "utf-8" encoding.
     command = command.slice(0, firstNonNull).toString("ascii");
     var payloadLength = buf.readUInt32BE(16, true);
+    assert(payloadLength <= 1600003, "Message payload is too big");
     var length = 24 + payloadLength;
     assert(buf.length >= length, "Truncated payload");
     var checksum = buf.slice(20, 24);
@@ -217,6 +218,7 @@ var message = exports.message = {
     if (!payload) {
       payload = new Buffer(0);
     }
+    assert(payload.length <= 1600003, "Message payload is too big");
     var buf = new Buffer(24 + payload.length);
     buf.fill(0);
     buf.writeUInt32BE(message.MAGIC, 0, true);
@@ -558,7 +560,7 @@ function inet_pton(str) {
   var buf = new Buffer(16);
   buf.fill(0);
   // IPv4-mapped IPv6.
-  if (str.indexOf("::ffff:") === 0) {
+  if (str.slice(0, 7) === "::ffff:") {
     str = str.slice(7);
   }
   // IPv4.

tests/unit.js

@@ -173,6 +173,16 @@ describe("Common structures", function() {
       expect(res.rest.readUInt32BE(0)).to.equal(message.MAGIC);
       expect(res).to.not.have.property("message");
     });
+
+    it("should check for max payload length", function() {
+      var fn = message.encode.bind(null, "test", Buffer(2000000));
+      expect(fn).to.throw(/payload is too big/i);
+
+      var bigmsg = message.encode("test");
+      bigmsg.writeUInt32BE(2000000, 16);
+      fn = message.decode.bind(null, bigmsg);
+      expect(fn).to.throw(/payload is too big/i);
+    });
   });
 
   describe("object", function() {