From 872001b368e3ff2c82a8b92e6b21f20a64899051 Mon Sep 17 00:00:00 2001
From: better0fdead
Date: Tue, 5 Dec 2023 14:30:19 +0300
Subject: [PATCH] connection: fix svacer issue

Changed type of 'length' variable in 'read' function to avoid overflow when calculating it.
---
 connection.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/connection.go b/connection.go
index a92a66d84..617ae37e9 100644
--- a/connection.go
+++ b/connection.go
@@ -1158,7 +1158,7 @@ func (conn *Connection) timeouts() {
 }
 
 func read(r io.Reader, lenbuf []byte) (response []byte, err error) {
- var length int
+ var length uint64
 
 if _, err = io.ReadFull(r, lenbuf); err != nil {
 return
@@ -1167,10 +1167,14 @@ func read(r io.Reader, lenbuf []byte) (response []byte, err error) {
 err = errors.New("wrong response header")
 return
 }
- length = (int(lenbuf[1]) << 24) +
- (int(lenbuf[2]) << 16) +
- (int(lenbuf[3]) << 8) +
- int(lenbuf[4])
+ length = (uint64(lenbuf[1]) << 24) +
+ (uint64(lenbuf[2]) << 16) +
+ (uint64(lenbuf[3]) << 8) +
+ uint64(lenbuf[4])
+ if length > math.MaxUint32 {
+ err = errors.New("response is too big")
+ return
+ }
 
 if length == 0 {
 err = errors.New("response should not be 0 length")
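Review bot: The added guard `if length > math.MaxUint32` in the second hunk can never fire, because `length` is assembled from four bytes and so cannot exceed 0xFFFFFFFF, which is exactly `math.MaxUint32`. Declaring `length` as `uint64` (first hunk) does keep the shifts from overflowing a 32-bit `int`, but a length of almost 4 GiB taken from the response header still passes to whatever follows. `read`'s body continues past the hunk; if that code sizes a buffer from `length`, the remote side alone decides how much memory is requested. I would compare against an explicit protocol limit instead, e.g. `if length > maxResponseLen {`, where `maxResponseLen` is a placeholder for a constant or option the package would define, and keep the "response is too big" error for that case. A one-line comment on the check naming the limit it enforces would make the intent clear to the next reader.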