fix: limit valid message size (#226)

Add a hard limit of 10kb for a message to be considered valid

Author: achingbrain

src/errors.ts

@@ -10,3 +10,4 @@ export const ERR_UNDEFINED_PARAMETER = 'ERR_UNDEFINED_PARAMETER'
 export const ERR_INVALID_RECORD_DATA = 'ERR_INVALID_RECORD_DATA'
 export const ERR_INVALID_EMBEDDED_KEY = 'ERR_INVALID_EMBEDDED_KEY'
 export const ERR_MISSING_PRIVATE_KEY = 'ERR_MISSING_PRIVATE_KEY'
+export const ERR_RECORD_TOO_LARGE = 'ERR_RECORD_TOO_LARGE'

src/validator.ts

@@ -11,6 +11,11 @@ import type { PublicKey } from '@libp2p/interface-keys'
 
 const log = logger('ipns:validator')
 
+/**
+ * Limit valid IPNS record sizes to 10kb
+ */
+const MAX_RECORD_SIZE = 1024 * 10
+
 /**
  * Validates the given ipns entry against the given public key
  */
@@ -94,6 +99,10 @@ const validateCborDataMatchesPbData = (entry: IPNSEntry): void => {
 }
 
 export const ipnsValidator: ValidateFn = async (key, marshalledData) => {
+  if (marshalledData.byteLength > MAX_RECORD_SIZE) {
+    throw errCode(new Error('record too large'), ERRORS.ERR_RECORD_TOO_LARGE)
+  }
+
   const peerId = peerIdFromRoutingKey(key)
   const receivedEntry = unmarshal(marshalledData)
 

test/validator.spec.ts

@@ -80,4 +80,11 @@ describe('validator', function () {
 
     await expect(ipnsValidator(key, marshalledData)).to.eventually.be.rejected().with.property('code', ERRORS.ERR_INVALID_EMBEDDED_KEY)
   })
+
+  it('should limit the size of incoming records', async () => {
+    const marshalledData = new Uint8Array(1024 * 1024)
+    const key = new Uint8Array()
+
+    await expect(ipnsValidator(key, marshalledData)).to.eventually.be.rejected().with.property('code', ERRORS.ERR_RECORD_TOO_LARGE)
+  })
 })