From 080d6c30c2ff29d4a699090f4a5a13ec7c9b34c2 Mon Sep 17 00:00:00 2001
From: Pradip De
Date: Wed, 5 Jun 2024 16:00:26 -0700
Subject: [PATCH] Close TCP connection when received message size is too large.
When the framing length value of a received message is larger than what the local node can process, abort the connection with the peer. The peer was already aware of the max length this node was willing to receive during its TCP advertisement. Fixes #33307.
---
 src/transport/raw/TCP.cpp | 5 ++++-
 src/transport/raw/tests/TestTCP.cpp | 4 +++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/transport/raw/TCP.cpp b/src/transport/raw/TCP.cpp
index b928c3e91cccae..0c6ad8968f8252 100644
--- a/src/transport/raw/TCP.cpp
+++ b/src/transport/raw/TCP.cpp
@@ -331,7 +331,10 @@ CHIP_ERROR TCPBase::ProcessReceivedBuffer(Inet::TCPEndPoint * endPoint, const Pe
 uint32_t messageSize = LittleEndian::Get32(messageSizeBuf);
 if (messageSize >= kMaxTCPMessageSize)
 {
- // This message is too long for upper layers.
+ // Message is too big for this node to process. Disconnect with peer.
+ ChipLogError(Inet, "Received TCP message of length %" PRIu32 " exceeds limit.", messageSize);
+ CloseConnectionInternal(state, CHIP_ERROR_MESSAGE_TOO_LONG, SuppressCallback::No);
+ return CHIP_ERROR_MESSAGE_TOO_LONG;
 }
 // The subtraction will not underflow because we successfully read kPacketSizeBytes.
diff --git a/src/transport/raw/tests/TestTCP.cpp b/src/transport/raw/tests/TestTCP.cpp
index dbce3b8ce5ef43..4f78da5dcdce86 100644
--- a/src/transport/raw/tests/TestTCP.cpp
+++ b/src/transport/raw/tests/TestTCP.cpp
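Review bot: The bound check `messageSize >= kMaxTCPMessageSize` now tears down the connection, but the new log text says the length "exceeds limit", so a frame whose length equals the constant is also treated as a violation. If the maximum advertised to the peer is inclusive (the constant's definition is not in this hunk), a conforming peer sending a maximum-size message would be disconnected. Either confirm the bound is exclusive and document it, e.g. `// kMaxTCPMessageSize is an exclusive bound: a length equal to it is rejected too.`, or, only if it is inclusive, compare with `>`. ProcessReceivedBuffer continues outside the hunk; since `CloseConnectionInternal` runs before the error return, the function comment should state whether callers may still touch `state` or `endPoint` once this error comes back.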
@@ -682,7 +682,9 @@ TEST_F(TestTCP, CheckProcessReceivedBuffer)
 EXPECT_EQ(err, CHIP_ERROR_MESSAGE_TOO_LONG);
 EXPECT_EQ(gMockTransportMgrDelegate.mReceiveHandlerCallCount, 0);
- gMockTransportMgrDelegate.DisconnectTest(tcp, addr);
+ // The receipt of a message exceeding the allowed size should have
+ // closed the connection.
+ EXPECT_EQ(TestAccess::GetEndpoint(state), nullptr);
 }
 } // namespace
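Review bot: The new assertion `EXPECT_EQ(TestAccess::GetEndpoint(state), nullptr);` checks that the endpoint was released, but nothing here checks that the delegate was told about the closure, although the production change passes `SuppressCallback::No`. If the mock delegate records connection-closed notifications (not visible in this hunk), assert on that as well. A case with a length exactly at the limit would also pin the `>=` boundary. With `DisconnectTest` removed, the test now relies on the close-on-error path for cleanup; its body starts outside the hunk, so any later teardown is not visible here.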