aboutsummaryrefslogtreecommitdiffstats
path: root/lib/diameter/src/base/diameter.erl
diff options
context:
space:
mode:
authorAnders Svensson <[email protected]>2015-03-25 07:21:46 +0100
committerAnders Svensson <[email protected]>2015-03-27 07:21:26 +0100
commit545ff7783cebddc2ca5b2af67a6f13b1a01a4d03 (patch)
treeaa5ea245e6bd77ee5df12e61f682a3f5903e270e /lib/diameter/src/base/diameter.erl
parentaaff5f36b836c65a72fb38a27e31a88d199a3155 (diff)
downloadotp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.tar.gz
otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.tar.bz2
otp-545ff7783cebddc2ca5b2af67a6f13b1a01a4d03.zip
Add service_opt() incoming_maxlen
To bound the length of incoming messages that will be decoded. A message longer than the specified number of bytes is discarded. An incoming_maxlen_exceeded counter is incremented to make note of the occurrence. The motivation is to prevent a sufficiently malicious peer from generating significant load by sending long messages with many AVPs for diameter to decode. The 24-bit message length header accomodates (16#FFFFFF - 20) div 12 = 1398099 Unsigned32 AVPs for example, which the current record-valued decode is too slow with in practice. A bound of 16#FFFF bytes allows for 5461 small AVPs, which is probably more than enough for the majority of applications, but the default is the full 16#FFFFFF.
Diffstat (limited to 'lib/diameter/src/base/diameter.erl')
-rw-r--r--lib/diameter/src/base/diameter.erl5
1 files changed, 5 insertions, 0 deletions
diff --git a/lib/diameter/src/base/diameter.erl b/lib/diameter/src/base/diameter.erl
index 67dfc7bdbf..010f977b97 100644
--- a/lib/diameter/src/base/diameter.erl
+++ b/lib/diameter/src/base/diameter.erl
@@ -45,6 +45,7 @@
-export_type([evaluable/0,
restriction/0,
+ message_length/0,
remotes/0,
sequence/0,
app_alias/0,
@@ -298,6 +299,9 @@ call(SvcName, App, Message) ->
| [node()]
| evaluable().
+-type message_length()
+ :: 0..16#FFFFFF.
+
%% Options passed to start_service/2
-type service_opt()
@@ -307,6 +311,7 @@ call(SvcName, App, Message) ->
| {sequence, sequence() | evaluable()}
| {share_peers, remotes()}
| {string_decode, boolean()}
+ | {incoming_maxlen, message_length()}
| {use_shared_peers, remotes()}
| {spawn_opt, list()}.