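--- a/src/lib.rs
+++ b/src/lib.rs
@@ -10,6 +10,6 @@ pub use account::{Account, DeviceId};
 pub use addr::SufecAddr;
 pub use message::{Message, MessageContent};
 pub use error::ServerError;
-pub use server::{PORT, connect, send, login, ListeningConn};
+pub use server::{PORT, MAX_FILE_SIZE, connect, send, login, ListeningConn};
 pub const MAX_HASHES_PER_MESSAGE: usize = u8::MAX as usize;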
M src/server.rs => src/server.rs +6 -0
@@ 6,6 6,7 @@ use crate::crypto::*;
use crate::error::*;
pub const PORT: u16 = 49002;
+pub const MAX_FILE_SIZE: usize = 1024*1024*5; // 5 MiB
/// The first step in connecting to a server for any purpose. Returns the server's key.
/// If you trust it, proceed by passing the returned parameters to `send` or `login`.
@@ 89,6 90,11 @@ impl ListeningConn {
pub fn receive(&mut self) -> Result<Option<(SufecAddr, Message)>, ServerError> {
let length_buf = self.stream.receive(4)?.try_into().unwrap();
let length = u32::from_be_bytes(length_buf) as usize;
+ // 84283 is the max amount by which this transmission can be bigger than the max file size.
+ // Subtract the MAC bytes since those will be added in EncryptedStream::receive.
+ if length > MAX_FILE_SIZE + 84283 - MACBYTES {
+ return Err(ServerError::BadServer("transmission too big"));
+ }
let msg_buf = self.stream.receive(length)?;
self.stream.send(&[0])?;
Ok(decrypt_message(&self.account, &msg_buf, &self.new_eph_sec, &self.old_eph_sec))
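Review bot: The cap in `receive` hangs on the bare literal 84283, whose derivation is not visible anywhere in the change, so any later edit to the message framing (hash list, envelope, padding) would leave the bound silently wrong — too loose and an untrusted 4-byte length still drives a large allocation, too tight and legitimate messages are rejected as `BadServer`. Expressing it as a named constant next to `MAX_FILE_SIZE`, e.g. `pub const MAX_TRANSMISSION_OVERHEAD: usize = 84283; // worst-case framing bytes beyond MAX_FILE_SIZE, before MACBYTES`, with a comment listing the components it sums, and writing the check as `if length > MAX_FILE_SIZE + MAX_TRANSMISSION_OVERHEAD - MACBYTES {` keeps the number and its meaning in one place. The placement itself is right: the comparison runs before `self.stream.receive(length)`, so a hostile or buggy server cannot make the client allocate up to 4 GiB from the length prefix alone, and the `+ ... - MACBYTES` order cannot underflow. The same limit should presumably apply on any other path that reads a length-prefixed transmission, which this hunk does not show; the enclosing `impl ListeningConn` continues outside the hunk.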