diff options
| author |  dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> | 2025-01-20 10:01:46 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com> | 2025-01-20 10:01:46 +0100 |
| commit | cfe6ac5a42e8d21d3db9a7aff3ac862f401cbf01 (patch) | |
| tree | 20f9e46b0f1c8e896bded5363f578c1c32523286 /vendor/github.com/jackc/pgx/v5/pgproto3/backend.go | |
| parent | [chore]: Bump github.com/gin-contrib/sessions from 1.0.1 to 1.0.2 (#3664) (diff) | |
| download | gotosocial-cfe6ac5a42e8d21d3db9a7aff3ac862f401cbf01.tar.xz | |
[chore]: Bump github.com/jackc/pgx/v5 from 5.7.1 to 5.7.2 (#3663)
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.7.1 to 5.7.2.
- [Changelog](https://github.com/jackc/pgx/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v5.7.1...v5.7.2)
---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Diffstat (limited to 'vendor/github.com/jackc/pgx/v5/pgproto3/backend.go')
| -rw-r--r-- | vendor/github.com/jackc/pgx/v5/pgproto3/backend.go | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go b/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go index d146c3384..28cff049a 100644 --- a/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go +++ b/vendor/github.com/jackc/pgx/v5/pgproto3/backend.go @@ -175,7 +175,13 @@ func (b *Backend) Receive() (FrontendMessage, error) { } b.msgType = header[0] - b.bodyLen = int(binary.BigEndian.Uint32(header[1:])) - 4 + + msgLength := int(binary.BigEndian.Uint32(header[1:])) + if msgLength < 4 { + return nil, fmt.Errorf("invalid message length: %d", msgLength) + } + + b.bodyLen = msgLength - 4 if b.maxBodyLen > 0 && b.bodyLen > b.maxBodyLen { return nil, &ExceededMaxBodyLenErr{b.maxBodyLen, b.bodyLen} } @@ -282,9 +288,10 @@ func (b *Backend) SetAuthType(authType uint32) error { return nil } -// SetMaxBodyLen sets the maximum length of a message body in octets. If a message body exceeds this length, Receive will return -// an error. This is useful for protecting against malicious clients that send large messages with the intent of -// causing memory exhaustion. +// SetMaxBodyLen sets the maximum length of a message body in octets. +// If a message body exceeds this length, Receive will return an error. +// This is useful for protecting against malicious clients that send +// large messages with the intent of causing memory exhaustion. // The default value is 0. // If maxBodyLen is 0, then no maximum is enforced. func (b *Backend) SetMaxBodyLen(maxBodyLen int) { |