Skip to content
Browse files

subchannel: check MAX_FRAME_LENGTH, 2**32 minus headers

Anyone sending 4GB in a single `transport.write()` is in for a surprise, but
at least we'll surprise them with an assertion *before* spending the time and
memory encrypting that monster.
  • Loading branch information...
warner committed Jul 8, 2019
1 parent d1aefa8 commit 575cf5d789a3ace673dcecd4ee1417e14006fc1e
Showing with 8 additions and 0 deletions.
  1. +8 −0 src/wormhole/_dilation/
@@ -12,6 +12,13 @@
from automat import MethodicalMachine
from .._interfaces import ISubChannel, IDilationManager

# each subchannel frame (the data passed into transport.write(data)) gets a
# 9-byte header prefix (type, subchannel id, and sequence number), then gets
# encrypted (adding a 16-byte authentication tag). The result is transmitted
# with a 4-byte length prefix (which only covers the padded message, not the
# length prefix itself), so the padded message must be less than 2**32 bytes
# long.
MAX_FRAME_LENGTH = 2**32 - 1 - 9 - 16;

class Once(object):
@@ -173,6 +180,7 @@ def _set_protocol(self, protocol):
# ITransport
def write(self, data):
assert isinstance(data, type(b""))
assert len(data) <= MAX_FRAME_LENGTH

def writeSequence(self, iovec):

0 comments on commit 575cf5d

Please sign in to comment.
You can’t perform that action at this time.