From 0d67b37d963f5df5e01ab589c3b7a198e8480425 Mon Sep 17 00:00:00 2001
From: hwipl <33433250+hwipl@users.noreply.github.com>
Date: Tue, 12 Mar 2024 18:05:52 +0100
Subject: [PATCH 1/3] Increase maximum payload length in Unix Socket API message

Increase the maximum payload length in the Unix Socket API message from 32768 bytes to 2097152 bytes.

Signed-off-by: hwipl <33433250+hwipl@users.noreply.github.com>
---
 internal/api/message.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/internal/api/message.go b/internal/api/message.go
index a1f4207..59586d7 100644
--- a/internal/api/message.go
+++ b/internal/api/message.go
@@ -8,7 +8,7 @@ import (
 const (
 // MaxPayloadLength is the maximum allowed length of a message payload.
- MaxPayloadLength = 32768
+ MaxPayloadLength = 2097152
 )
 // Message types.
@@ -23,7 +23,7 @@ const (
 // Header is a message header.
 type Header struct {
 Type uint16
- Length uint16
+ Length uint32
 }
 // Message is an API message.
@@ -40,7 +40,7 @@ func NewMessage(t uint16, p []byte) *Message {
 return &Message{
 Header: Header{
 Type: t,
- Length: uint16(len(p)),
+ Length: uint32(len(p)),
 },
 Value: p,
 }

From 808b5fd788bbb638ae2e2b9bd0c6d2eb702df15d Mon Sep 17 00:00:00 2001
From: hwipl <33433250+hwipl@users.noreply.github.com>
Date: Tue, 12 Mar 2024 18:09:28 +0100
Subject: [PATCH 2/3] Check if API message creation was successful in vpncscript

Signed-off-by: hwipl <33433250+hwipl@users.noreply.github.com>
---
 internal/vpncscript/client.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/internal/vpncscript/client.go b/internal/vpncscript/client.go
index c62b779..d3b2830 100644
--- a/internal/vpncscript/client.go
+++ b/internal/vpncscript/client.go
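Review bot: The comparison against `MaxPayloadLength` becomes the only bound on the buffer a reader sizes from the header once this constant is 2 MiB and the Header hunk widens `Length` to `uint32`; before, the `uint16` field capped a received length at 65535 regardless. The read path is not part of this patch, so it should be confirmed to reject `Length > MaxPayloadLength` before anything is allocated from the header value. I would record that in the constant's comment, e.g. `// MaxPayloadLength is the maximum allowed length of a message payload (2 MiB); readers must reject larger lengths before allocating.`, and write the value as `2 << 20` so the unit is visible. Because every process able to open the socket can now make the daemon buffer 64 times more per message, the socket file's permissions and any read deadline are worth re-checking with this change.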
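Review bot: Widening `Length` changes the layout of `Header`, and if the struct is serialized as declared (the encoding is not in this hunk) that is a wire-format change which nothing here lets a peer detect. A vpncscript binary and a daemon built on different sides of this commit would then misread each other's length field instead of failing cleanly. If the two are always installed together, a field comment should state that assumption, e.g. `// Length is the payload length in bytes; its width is part of the wire format, so client and daemon must be upgraded together.`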
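Review bot: In `NewMessage`, `uint32(len(p))` is only safe if `len(p)` has already been checked against `MaxPayloadLength`, and no such check is visible in the hunk; the function begins above the hunk's first line, so the check may sit there. PATCH 2/3 tests the result for nil, which suggests an oversized payload yields nil, and the doc comment should say so: `// NewMessage returns a new message with type t and payload p, or nil if p is longer than MaxPayloadLength.` Returning an error rather than nil would let callers report the offending length, but that changes the signature and goes beyond this patch.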
@@ -26,6 +26,9 @@ func runClient(socketFile string, configUpdate *daemon.VPNConfigUpdate) error {
 return fmt.Errorf("VPNCScript could not convert config update to JSON: %w", err)
 }
 msg := api.NewMessage(api.TypeVPNConfigUpdate, b)
+ if msg == nil {
+ return fmt.Errorf("VPNCScript could not create message: invalid message")
+ }
 err = api.WriteMessage(conn, msg)
 if err != nil {
 return fmt.Errorf("VPNCScript could not send message to Daemon: %w", err)

From 084b1777222fe8a78ee804e22d79992c574f6d30 Mon Sep 17 00:00:00 2001
From: hwipl <33433250+hwipl@users.noreply.github.com>
Date: Tue, 12 Mar 2024 18:10:50 +0100
Subject: [PATCH 3/3] Add maximum payload length tests to vpncscript

Signed-off-by: hwipl <33433250+hwipl@users.noreply.github.com>
---
 internal/vpncscript/client_test.go | 54 ++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)

diff --git a/internal/vpncscript/client_test.go b/internal/vpncscript/client_test.go
index ca448ac..65e45c6 100644
--- a/internal/vpncscript/client_test.go
+++ b/internal/vpncscript/client_test.go
@@ -2,10 +2,12 @@ package vpncscript
 import (
 "path/filepath"
+ "strings"
 "testing"
 "github.com/telekom-mms/oc-daemon/internal/api"
 "github.com/telekom-mms/oc-daemon/internal/daemon"
+ "github.com/telekom-mms/oc-daemon/pkg/vpnconfig"
 )
 // TestRunClient tests runClient.
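Review bot: The new error in `runClient` says only "invalid message", although the one value that varies at this point is the size of `b`; reporting it makes a dropped config update diagnosable: `return fmt.Errorf("VPNCScript could not create message: payload length %d exceeds maximum %d", len(b), api.MaxPayloadLength)`. That wording assumes an oversized payload is the only reason `api.NewMessage` returns nil, which its body (not shown in this series) would need to confirm. As written, `fmt.Errorf` is called without any format verb, where `errors.New` is the usual form. runClient starts and ends outside the hunk.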
@@ -44,4 +46,56 @@ func TestRunClient(t *testing.T) {
 t.Fatal(err)
 }
 server.Stop()
+
+ // helper for config update creation
+ getConfUpdate := func(length int) *daemon.VPNConfigUpdate {
+ exclude := "a.too.long.example.com"
+ conf := vpnconfig.New()
+ conf.Split.ExcludeDNS = []string{exclude}
+ confUpdate := daemon.NewVPNConfigUpdate()
+ confUpdate.Config = conf
+
+ // check length
+ b, err := confUpdate.JSON()
+ if err != nil {
+ t.Fatal(err)
+ }
+ n := length - len(b)
+
+ // increase length to maximum
+ exclude = strings.Repeat("a", n) + exclude
+ conf.Split.ExcludeDNS = []string{exclude}
+
+ return confUpdate
+ }
+
+ // test with maximum payload length
+ server = api.NewServer(config)
+ go func() {
+ for r := range server.Requests() {
+ r.Close()
+ }
+ }()
+ if err := server.Start(); err != nil {
+ t.Fatal(err)
+ }
+ if err := runClient(sockfile, getConfUpdate(api.MaxPayloadLength)); err != nil {
+ t.Fatal(err)
+ }
+ server.Stop()
+
+ // test with more than maximum payload length
+ server = api.NewServer(config)
+ go func() {
+ for r := range server.Requests() {
+ r.Close()
+ }
+ }()
+ if err := server.Start(); err != nil {
+ t.Fatal(err)
+ }
+ if err := runClient(sockfile, getConfUpdate(api.MaxPayloadLength+1)); err == nil {
+ t.Fatal("too long message should return error")
+ }
+ server.Stop()
 }
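Review bot: Neither new case proves it sits on the limit, because `getConfUpdate` pads `exclude` by `n` bytes and returns without encoding the update again; if the JSON encoding ever changes the payload size differently, the tests would drift off `MaxPayloadLength` and still pass, so the helper should re-marshal and compare the length as in the excerpt below. The over-limit case also appears to fail inside the client, at the nil check added in PATCH 2/3, which means the daemon's own rejection of an oversized `Length` read from the socket is never exercised; a server-side test for that would cover the check that matters when the peer is not vpncscript. The server goroutine closes each request without inspecting it, so the maximum-length case does not confirm that the full payload arrived either. TestRunClient starts outside the hunk.

```go
	getConfUpdate := func(length int) *daemon.VPNConfigUpdate {
		// … unchanged: build confUpdate and pad exclude by n bytes …

		// make sure the padded update has exactly the requested length
		b, err = confUpdate.JSON()
		if err != nil {
			t.Fatal(err)
		}
		if len(b) != length {
			t.Fatalf("config update JSON length is %d, want %d", len(b), length)
		}

		return confUpdate
```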