Close TCP connection when received message size is too large.

When the framing length value of a received message is larger than what the local node can process, abort the connection with the peer. The peer was already aware of the max length this node was willing to receive during its TCP advertisement. Fixes #33307.
project-chip · Jun 5, 2024 · 080d6c3 · 080d6c3
1 parent 2005be9
commit 080d6c3
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/src/transport/raw/TCP.cpp b/src/transport/raw/TCP.cpp
@@ -331,7 +331,10 @@ CHIP_ERROR TCPBase::ProcessReceivedBuffer(Inet::TCPEndPoint * endPoint, const Pe
         uint32_t messageSize = LittleEndian::Get32(messageSizeBuf);
         if (messageSize >= kMaxTCPMessageSize)
         {
-            // This message is too long for upper layers.
+            // Message is too big for this node to process. Disconnect with peer.
+            ChipLogError(Inet, "Received TCP message of length %" PRIu32 " exceeds limit.", messageSize);
+            CloseConnectionInternal(state, CHIP_ERROR_MESSAGE_TOO_LONG, SuppressCallback::No);
+
             return CHIP_ERROR_MESSAGE_TOO_LONG;
         }
         // The subtraction will not underflow because we successfully read kPacketSizeBytes.

diff --git a/src/transport/raw/tests/TestTCP.cpp b/src/transport/raw/tests/TestTCP.cpp
@@ -682,7 +682,9 @@ TEST_F(TestTCP, CheckProcessReceivedBuffer)
     EXPECT_EQ(err, CHIP_ERROR_MESSAGE_TOO_LONG);
     EXPECT_EQ(gMockTransportMgrDelegate.mReceiveHandlerCallCount, 0);
 
-    gMockTransportMgrDelegate.DisconnectTest(tcp, addr);
+    // The receipt of a message exceeding the allowed size should have
+    // closed the connection.
+    EXPECT_EQ(TestAccess::GetEndpoint(state), nullptr);
 }
 
 } // namespace