From 545ff7783cebddc2ca5b2af67a6f13b1a01a4d03 Mon Sep 17 00:00:00 2001
From: Anders Svensson <anders@erlang.org>
Date: Wed, 25 Mar 2015 07:21:46 +0100
Subject: Add service_opt() incoming_maxlen

To bound the length of incoming messages that will be decoded. A message
longer than the specified number of bytes is discarded. An
incoming_maxlen_exceeded counter is incremented to make note of the
occurrence.

The motivation is to prevent a sufficiently malicious peer from
generating significant load by sending long messages with many AVPs for
diameter to decode. The 24-bit message length header accomodates

  (16#FFFFFF - 20) div 12 = 1398099

Unsigned32 AVPs for example, which the current record-valued decode is
too slow with in practice. A bound of 16#FFFF bytes allows for 5461
small AVPs, which is probably more than enough for the majority of
applications, but the default is the full 16#FFFFFF.
---
 lib/diameter/test/diameter_config_SUITE.erl  | 3 +++
 lib/diameter/test/diameter_traffic_SUITE.erl | 9 +++++++++
 2 files changed, 12 insertions(+)

(limited to 'lib/diameter/test')

diff --git a/lib/diameter/test/diameter_config_SUITE.erl b/lib/diameter/test/diameter_config_SUITE.erl
index ea77aa3716..bbdf672291 100644
--- a/lib/diameter/test/diameter_config_SUITE.erl
+++ b/lib/diameter/test/diameter_config_SUITE.erl
@@ -85,6 +85,9 @@
          {string_decode,
           [[true], [false]],
           [[0], [x]]},
+         {incoming_maxlen,
+          [[0], [65536], [16#FFFFFF]],
+          [[-1], [1 bsl 24], [infinity], [false]]},
          {spawn_opt,
           [[[]], [[monitor, link]]],
           [[false]]},
diff --git a/lib/diameter/test/diameter_traffic_SUITE.erl b/lib/diameter/test/diameter_traffic_SUITE.erl
index 10c58ab6e7..7dd9f39f85 100644
--- a/lib/diameter/test/diameter_traffic_SUITE.erl
+++ b/lib/diameter/test/diameter_traffic_SUITE.erl
@@ -59,6 +59,7 @@
          send_unexpected_mandatory_decode/1,
          send_unexpected_mandatory/1,
          send_long/1,
+         send_maxlen/1,
          send_nopeer/1,
          send_noapp/1,
          send_discard/1,
@@ -182,6 +183,7 @@
          {'Acct-Application-Id', [?DIAMETER_APP_ID_ACCOUNTING]},
          {restrict_connections, false},
          {string_decode, Decode},
+         {incoming_maxlen, 1 bsl 21},
          {spawn_opt, [{min_heap_size, 5000}]}
          | [{application, [{dictionary, D},
                            {module, ?MODULE},
@@ -317,6 +319,7 @@ tc() ->
      send_unexpected_mandatory_decode,
      send_unexpected_mandatory,
      send_long,
+     send_maxlen,
      send_nopeer,
      send_noapp,
      send_discard,
@@ -635,6 +638,12 @@ send_long(Config) ->
     ['STA', _SessionId, {'Result-Code', ?SUCCESS} | _]
         = call(Config, Req).
 
+%% Send something longer than the configure incoming_maxlen.
+send_maxlen(Config) ->
+    Req = ['STR', {'Termination-Cause', ?LOGOUT},
+                  {'User-Name', [lists:duplicate(1 bsl 21, $X)]}],
+    {timeout, _} = call(Config, Req).
+
 %% Send something for which pick_peer finds no suitable peer.
 send_nopeer(Config) ->
     Req = ['STR', {'Termination-Cause', ?LOGOUT}],
-- 
cgit v1.2.3