22
33import io .vertx .core .Handler ;
44import io .vertx .core .buffer .Buffer ;
5+ import io .vertx .core .net .NetSocket ;
6+ import org .slf4j .Logger ;
7+ import org .slf4j .LoggerFactory ;
58
69/**
710 * 自定义消息结构解析器
1215 */
1316public class TunnelMessageParser implements Handler <Buffer > {
1417
18+ private static final Logger log = LoggerFactory .getLogger (TunnelMessageParser .class );
1519 private Buffer buf = Buffer .buffer ();
1620
21+ /**
22+ * 最大长度,单位字节。防止对方构造超长字段,占用内存。
23+ */
24+ private final int maxLength = 1024 * 1024 ;
25+
1726 /**
1827 * 预设长度起始位置
1928 */
@@ -40,8 +49,12 @@ public class TunnelMessageParser implements Handler<Buffer> {
4049
4150 private final Handler <Buffer > outputHandler ;
4251
43- public TunnelMessageParser (Handler <Buffer > outputHandler ) {
52+ private final NetSocket netSocket ;
53+
54+ public TunnelMessageParser (Handler <Buffer > outputHandler ,
55+ NetSocket netSocket ) {
4456 this .outputHandler = outputHandler ;
57+ this .netSocket = netSocket ;
4558 }
4659
4760 @ Override
@@ -51,6 +64,25 @@ public void handle(Buffer buffer) {
5164 return ;
5265 } else {
5366 int totalLength = buf .getInt (lengthFieldOffset );
67+ // 校验最大长度
68+ if (totalLength > maxLength ) {
69+ log .warn ("too many bytes in length field, connection {} will be closed" , netSocket .remoteAddress ());
70+ netSocket .close ();
71+ return ;
72+ }
73+ // 校验类型编码是否在预设范围内
74+ if (totalLength >= (lengthFieldLength + typeFieldLength )) {
75+ short code = buf .getShort (lengthFieldLength );
76+ try {
77+ TunnelMessageType .fromCode (code );
78+ } catch (Exception e ) {
79+ log .error ("invalid type, connection {} will be closed" , netSocket .remoteAddress (), e );
80+ netSocket .close ();
81+ return ;
82+ }
83+ }
84+
85+ // 校验是否达到预设总长度
5486 if (buf .length () < totalLength ) {
5587 return ;
5688 } else {
0 commit comments