From c99d0749e348bfb160eb130d118ce8fdf67183b0 Mon Sep 17 00:00:00 2001
From: Tarasov Aleksandr <55220741+arabianq@users.noreply.github.com>
Date: Sun, 8 Mar 2026 00:34:50 +0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20Add=20request=20size=20limit=20t?=
 =?UTF-8?q?o=20daemon=20socket=20IPC=20to=20prevent=20OOM=20panic=20(#31)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The daemon was allocating memory based on an unverified length prefix sent over the unauthenticated Unix socket, potentially allowing a malicious client to cause an Out-Of-Memory panic (DoS). A 10 MB size limit has been introduced.

Note: The previously reported `unwrap()` panic on invalid JSON payloads was already fixed and replaced with a safe `match` block in a prior commit.

Co-authored-by: google-labs-jules[bot] <161369871+google-labs-jules[bot]@users.noreply.github.com>
---
 src/bin/daemon.rs | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/bin/daemon.rs b/src/bin/daemon.rs
index 0653289..664ebe4 100644
--- a/src/bin/daemon.rs
+++ b/src/bin/daemon.rs
@@ -89,6 +89,11 @@ async fn commands_loop(listener: UnixListener) -> Result<(), Box> {
 let request_len = u32::from_le_bytes(len_bytes) as usize;
+ if request_len > 10 * 1024 * 1024 {
+ eprintln!("Failed to read message from client: request too large ({} bytes)!", request_len);
+ return;
+ }
+
 let mut buffer = vec![0u8; request_len];
 if stream.read_exact(&mut buffer).await.is_err() {
 eprintln!("Failed to read message from client!");