From 8abed18d69e8193ad31c093a0b7ee136f53a5771 Mon Sep 17 00:00:00 2001
From: Andrey Borodin
Date: Mon, 29 Apr 2019 17:06:11 +0500
Subject: [PATCH] Minimal message validation

Prevent improperly formatted message from breaking into serious disaster for running process.
---
 sources/io.h | 7 ++++++-
 sources/relay.h | 1 +
 third_party/kiwi/kiwi/io.h | 1 -
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/sources/io.h b/sources/io.h
index 6afe3416..2e792fa1 100644
--- a/sources/io.h
+++ b/sources/io.h
@@ -192,7 +192,12 @@ od_read(od_io_t *io, uint32_t time_ms)
 uint32_t size;
 size = kiwi_read_size((char*)&header, sizeof(header));
- assert(size > 0);
+ if (size < sizeof(uint32_t) || header.type < 0x20) {
+ // This is not a postgres fe protocol v3 message
+ // We should drop connection ASAP
+ return NULL;
+ }
+ size -= sizeof(uint32_t);
 machine_msg_t *msg;
 msg = machine_msg_create(sizeof(header) + size);
diff --git a/sources/relay.h b/sources/relay.h
index ddcc510c..0dbf6a01 100644
--- a/sources/relay.h
+++ b/sources/relay.h
@@ -189,6 +189,7 @@ od_relay_process(od_relay_t *relay, int *progress, char *data, int size)
 int body;
 body = kiwi_read_size(data, sizeof(kiwi_header_t));
+ body -= sizeof(uint32_t);
 int total = sizeof(kiwi_header_t) + body;
 if (size >= total) {
diff --git a/third_party/kiwi/kiwi/io.h b/third_party/kiwi/kiwi/io.h
index 73b0938f..f06b4fe7 100644
--- a/third_party/kiwi/kiwi/io.h
+++ b/third_party/kiwi/kiwi/io.h
@@ -150,7 +150,6 @@ kiwi_read_size(char *data, uint32_t data_size)
 /* size */
 uint32_t size = 0;
 kiwi_read32(&size, &pos, &pos_size);
- size -= sizeof(uint32_t);
 return size;
 }
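Review bot: The new guard in od_read bounds the declared length only from below, so a peer can still announce a size close to 4 GiB and `machine_msg_create(sizeof(header) + size)` will try to allocate it before any body bytes have arrived. An upper limit belongs in the same condition, e.g. `if (size < sizeof(uint32_t) || size > MAX_MSG_SIZE || header.type < 0x20) {`, where `MAX_MSG_SIZE` is a placeholder for a limit the project would have to define. The parameter type of `machine_msg_create` is not visible here; if it is `int`, lengths above INT_MAX would additionally turn negative at the call. The early `return NULL` is silent, so a log line carrying the rejected type and size would let operators tell a protocol violation apart from a read failure. od_read starts and ends outside the hunk.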
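Review bot: od_relay_process subtracts the length-field size from the wire value without the lower-bound check that od_read gains in this same commit, so a declared length below 4 leaves `body` negative and `total` smaller than `sizeof(kiwi_header_t)`. `size >= total` can then hold for a malformed header, and the code inside the `if` (outside the hunk) would handle it as a complete message. Validate before the subtraction, e.g. `if (body < (int)sizeof(uint32_t)) return ERR_STATUS;`, with `ERR_STATUS` standing in for whatever error value this function returns, which the hunk does not show. Because `body` and `total` are `int`, a declared length of 0x80000000 or more also goes negative here, so an upper bound is worth adding in the same check.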