Is there some way to limit the maximum number of bytes allocated when decoding string or buffer?

Question

Is there some way to limit the maximum number of bytes allocated when decoding string or buffer?

Opened this issue 7 years ago · 1 comments

This table says that buffers and strings are encoded as a varuint length followed by the actual data. What if someone with evil intent creates a packet that has a buffer instruction with a gigantic length varuint, say gigabytes big. Is this library going to attempt to create such a gigantic buffer? There should be some way to place upper limits on the expected size of buffer and string length, as well as array elements, shouldn't there?

Answer 1 · 2019-07-22T11:40:45.000Z

You can check the size of the buffer manually. If you use socket.io you can limit message size too.