Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix(plugin): Add default limits for chunks and message size
Based on a reported DoS vulnerability reported by Team82 (Claroty
Research).
  • Loading branch information
jpfr committed Jun 4, 2022
1 parent ac78eb6 commit b79db1a
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 8 deletions.
14 changes: 7 additions & 7 deletions plugins/ua_config_default.c
Expand Up @@ -59,13 +59,13 @@ UA_Server_new() {
/*******************************/

const UA_ConnectionConfig UA_ConnectionConfig_default = {
0, /* .protocolVersion */
65535, /* .sendBufferSize, 64k per chunk */
65535, /* .recvBufferSize, 64k per chunk */
0, /* .localMaxMessageSize, 0 -> unlimited */
0, /* .remoteMaxMessageSize, 0 -> unlimited */
0, /* .localMaxChunkCount, 0 -> unlimited */
0 /* .remoteMaxChunkCount, 0 -> unlimited */
0, /* .protocolVersion */
2 << 16, /* .sendBufferSize, 64k per chunk */
2 << 16, /* .recvBufferSize, 64k per chunk */
2 << 29, /* .localMaxMessageSize, 512 MB */
2 << 29, /* .remoteMaxMessageSize, 512 MB */
2 << 14, /* .localMaxChunkCount, 16k */
2 << 14 /* .remoteMaxChunkCount, 16k */
};

/***************************/
Expand Down
3 changes: 2 additions & 1 deletion tests/check_securechannel.c
Expand Up @@ -45,7 +45,8 @@ setup_secureChannel(void) {
UA_SecureChannel_init(&testChannel, &UA_ConnectionConfig_default);
UA_SecureChannel_setSecurityPolicy(&testChannel, &dummyPolicy, &dummyCertificate);

testingConnection = createDummyConnection(65535, &sentData);
testingConnection =
createDummyConnection(UA_ConnectionConfig_default.sendBufferSize, &sentData);
UA_Connection_attachSecureChannel(&testingConnection, &testChannel);
testChannel.connection = &testingConnection;

Expand Down

0 comments on commit b79db1a

Please sign in to comment.