LibIPC: Ensure message sizes do not exceed the limits of u32

We encode the size as a u32, so let's be sure the size does not exceed that storage. This is unlikely to happen, but no reason not to check.
Author: https://github.com/trflynn89 Commit: https://github.com/SerenityOS/serenity/commit/f2db700ae7 Pull-request: https://github.com/SerenityOS/serenity/pull/22545 Issue: https://github.com/SerenityOS/serenity/issues/22358
2024-11-22 07:30:19 +00:00 · 2024-01-02 20:21:30 -05:00 · 2024-01-02 20:21:30 -05:00 · f2db700ae7 · 2024-07-16 19:17:47 +09:00
commit f2db700ae7
parent 91558fa381
1 changed files with 7 additions and 1 deletions
--- a/Userland/Libraries/LibIPC/Message.cpp
+++ b/Userland/Libraries/LibIPC/Message.cpp
@ -4,6 +4,7 @@
 * SPDX-License-Identifier: BSD-2-Clause
 */

+#include <AK/Checked.h>
 #include <LibCore/Socket.h>
 #include <LibIPC/Message.h>
 #include <sched.h>
@ -14,7 +15,12 @@ using MessageSizeType = u32;

 ErrorOr<void> MessageBuffer::transfer_message(Core::LocalSocket& fd_passing_socket, Core::LocalSocket& data_socket)
 {
-    MessageSizeType message_size = data.size();
+    Checked<MessageSizeType> checked_message_size { data.size() };
+
+    if (checked_message_size.has_overflow())
+        return Error::from_string_literal("Message is too large for IPC encoding");
+
+    auto message_size = checked_message_size.value();
    TRY(data.try_prepend(reinterpret_cast<u8 const*>(&message_size), sizeof(message_size)));

    for (auto const& fd : fds)