From 3eb15a4451dd1e44ebb86f8b4155d1c0a2393520 Mon Sep 17 00:00:00 2001
From: David Bar-On <david.cdb004@gmail.com>
Date: Sun, 2 Jun 2024 12:41:10 +0300
Subject: [PATCH] Veify that Params JSON size was received and is resonable

---
 src/iperf.h     | 2 ++
 src/iperf_api.c | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/iperf.h b/src/iperf.h
index 527e549ed..73621335a 100644
--- a/src/iperf.h
+++ b/src/iperf.h
@@ -425,6 +425,8 @@ struct iperf_test
 
 #define UDP_BUFFER_EXTRA 1024
 
+#define MAX_PARAMS_JSON_STRING 8 * 1024
+
 /* constants for command line arg sanity checks */
 #define MB (1024 * 1024)
 #define MAX_TCP_BUFFER (512 * MB)
diff --git a/src/iperf_api.c b/src/iperf_api.c
index 4c73e8328..c4d455cba 100644
--- a/src/iperf_api.c
+++ b/src/iperf_api.c
@@ -2728,8 +2728,9 @@ JSON_read(int fd)
      * Then read the JSON into a buffer and parse it.  Return a parsed JSON
      * structure, NULL if there was an error.
      */
-    if (Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp) >= 0) {
-	hsize = ntohl(nsize);
+    rc = Nread(fd, (char*) &nsize, sizeof(nsize), Ptcp);
+    hsize = ntohl(nsize);
+    if (rc == sizeof(nsize) && hsize <= MAX_PARAMS_JSON_STRING) {
 	/* Allocate a buffer to hold the JSON */
 	strsize = hsize + 1;              /* +1 for trailing NULL */
 	if (strsize) {