From 20b3d342852cbbeba67551059530c909a5965f7a Mon Sep 17 00:00:00 2001
From: David Theodore <29786815+infosecual@users.noreply.github.com>
Date: Thu, 20 Jun 2024 07:08:54 -0500
Subject: [PATCH] p2p/rlpx: 2KB maximum size for handshake messages (#30029)

Co-authored-by: Felix Lange <fjl@twurst.com>
---
 p2p/rlpx/rlpx.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/p2p/rlpx/rlpx.go b/p2p/rlpx/rlpx.go
index 87b4c5ffa9..b65475cf3f 100644
--- a/p2p/rlpx/rlpx.go
+++ b/p2p/rlpx/rlpx.go
@@ -604,6 +604,11 @@ func (h *handshakeState) readMsg(msg any, prv *ecdsa.PrivateKey, r io.Reader) ([
 	}
 	size := binary.BigEndian.Uint16(prefix)
 
+	// baseProtocolMaxMsgSize = 2 * 1024
+	if size > 2048 {
+		return nil, errors.New("message too big")
+	}
+
 	// Read the handshake packet.
 	packet, err := h.rbuf.read(r, int(size))
 	if err != nil {