From 27654d30228f9de2c15e351948103ae619364f36 Mon Sep 17 00:00:00 2001 From: David Theodore <29786815+infosecual@users.noreply.github.com> Date: Thu, 20 Jun 2024 07:08:54 -0500 Subject: [PATCH] p2p/rlpx: 2KB maximum size for handshake messages (#30029) Co-authored-by: Felix Lange --- p2p/rlpx/rlpx.go | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/p2p/rlpx/rlpx.go b/p2p/rlpx/rlpx.go index a338490e62..dd14822dee 100644 --- a/p2p/rlpx/rlpx.go +++ b/p2p/rlpx/rlpx.go @@ -604,6 +604,11 @@ func (h *handshakeState) readMsg(msg interface{}, prv *ecdsa.PrivateKey, r io.Re } size := binary.BigEndian.Uint16(prefix) + // baseProtocolMaxMsgSize = 2 * 1024 + if size > 2048 { + return nil, errors.New("message too big") + } + // Read the handshake packet. packet, err := h.rbuf.read(r, int(size)) if err != nil {