Close TCP connection when received message size is too large. (#33768)

pidarped · web-flow · commit 4239c887d575 · 2024-06-07T03:05:42.000Z
When the framing length value of a received message is larger than what the local node can process, abort the connection with the peer. Sending a StatusResponse message back to the peer as a notification may not be feasible in all circumstances for reasons, such as: 1) It would require a cross-layered feedback up to the Exchange layer to generate such a message in response to a failure at the transport layer. 2) A Status Response is sent in response to a message on an ExchangeContext and that may not be the case in scnearios where this message is the first unsolicited message. The receiver could drain out the bits from the offending message and move on to the next message in the stream but that may not guarantee correct behavior and would consume resources unnecessarily. Given that the peer was already aware of the max length this node was willing to receive during its TCP advertisement, it seems prudent to fail fast and close the connection. Fixes #33307.
diff --git a/src/transport/raw/TCP.cpp b/src/transport/raw/TCP.cpp
@@ -331,7 +331,10 @@ CHIP_ERROR TCPBase::ProcessReceivedBuffer(Inet::TCPEndPoint * endPoint, const Pe
         uint32_t messageSize = LittleEndian::Get32(messageSizeBuf);
         if (messageSize >= kMaxTCPMessageSize)
         {
-            // This message is too long for upper layers.
+            // Message is too big for this node to process. Disconnect from peer.
+            ChipLogError(Inet, "Received TCP message of length %" PRIu32 " exceeds limit.", messageSize);
+            CloseConnectionInternal(state, CHIP_ERROR_MESSAGE_TOO_LONG, SuppressCallback::No);
+
             return CHIP_ERROR_MESSAGE_TOO_LONG;
         }
         // The subtraction will not underflow because we successfully read kPacketSizeBytes.
diff --git a/src/transport/raw/tests/TestTCP.cpp b/src/transport/raw/tests/TestTCP.cpp
@@ -682,7 +682,9 @@ TEST_F(TestTCP, CheckProcessReceivedBuffer)
     EXPECT_EQ(err, CHIP_ERROR_MESSAGE_TOO_LONG);
     EXPECT_EQ(gMockTransportMgrDelegate.mReceiveHandlerCallCount, 0);
 
-    gMockTransportMgrDelegate.DisconnectTest(tcp, addr);
+    // The receipt of a message exceeding the allowed size should have
+    // closed the connection.
+    EXPECT_EQ(TestAccess::GetEndpoint(state), nullptr);
 }
 
 } // namespace

Original file line number	Diff line number	Diff line change
`@@ -331,7 +331,10 @@ CHIP_ERROR TCPBase::ProcessReceivedBuffer(Inet::TCPEndPoint * endPoint, const Pe`
`331`	`331`	`uint32_t messageSize = LittleEndian::Get32(messageSizeBuf);`
`332`	`332`	`if (messageSize >= kMaxTCPMessageSize)`
`333`	`333`	`{`
`334`		`- // This message is too long for upper layers.`
	`334`	`+ // Message is too big for this node to process. Disconnect from peer.`
	`335`	`+ ChipLogError(Inet, "Received TCP message of length %" PRIu32 " exceeds limit.", messageSize);`
	`336`	`+ CloseConnectionInternal(state, CHIP_ERROR_MESSAGE_TOO_LONG, SuppressCallback::No);`
	`337`	`+`
`335`	`338`	`return CHIP_ERROR_MESSAGE_TOO_LONG;`
`336`	`339`	`}`
`337`	`340`	`// The subtraction will not underflow because we successfully read kPacketSizeBytes.`
Original file line number	Diff line number	Diff line change
`@@ -682,7 +682,9 @@ TEST_F(TestTCP, CheckProcessReceivedBuffer)`
`682`	`682`	`EXPECT_EQ(err, CHIP_ERROR_MESSAGE_TOO_LONG);`
`683`	`683`	`EXPECT_EQ(gMockTransportMgrDelegate.mReceiveHandlerCallCount, 0);`
`684`	`684`
`685`		`- gMockTransportMgrDelegate.DisconnectTest(tcp, addr);`
	`685`	`+ // The receipt of a message exceeding the allowed size should have`
	`686`	`+ // closed the connection.`
	`687`	`+ EXPECT_EQ(TestAccess::GetEndpoint(state), nullptr);`
`686`	`688`	`}`
`687`	`689`
`688`	`690`	`} // namespace`