From e01926bd1cf9d6b06cc5f12cd16d7a7e4a03113a Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 28 Jun 2019 22:06:05 +0100
Subject: [PATCH] reject giant messages
---
 daemon.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/daemon.py b/daemon.py
index 6823269b..43064692 100644
--- a/daemon.py
+++ b/daemon.py
@@ -18,6 +18,7 @@ from webfinger import webfingerLookup
 from person import personLookup
 from person import personKeyLookup
 import os
+import sys
 
 # domain name of this server
 thisDomain=''
@@ -25,6 +26,9 @@ thisDomain=''
 # List of domains to federate with
 federationList=[]
 
+# Avoid giant messages
+maxMessageLength=5000
+
 def readFollowList(filename: str):
 """Returns a list of ActivityPub addresses to follow
 """
@@ -154,7 +158,11 @@ class PubServer(BaseHTTPRequestHandler):
 
 # read the message and convert it into a python dictionary
 length = int(self.headers.getheader('content-length'))
-message = json.loads(self.rfile.read(length))
+if length>maxMessageLength:
+self.send_response(400)
+self.end_headers()
+return
+message = json.loads(self.rfile.read(length))
 
 if not self._permittedMessage(message):
 self._404()
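Review bot: `import sys` in the first hunk (`@@ -18,6 +18,7 @@`) is not used by anything this patch adds; the size check in the third hunk needs only names that were already in scope. Unless code outside these hunks relies on it, drop the import so the module's dependency list reflects what it actually uses.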
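Review bot: The comment on `maxMessageLength` in the second hunk (`@@ -25,6 +26,9 @@`) does not say what the number measures; the third hunk compares it with the request's Content-Length, so it is a byte count of the POST body. I would write `# Maximum accepted request body size in bytes (checked against Content-Length)`. Whether 5000 bytes is enough for the messages this server is expected to accept from federated peers is not visible here and is worth confirming.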
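Review bot: The guard added in the third hunk (`@@ -154,7 +158,11 @@`) rejects only lengths above the cap, so a negative Content-Length still passes `length>maxMessageLength` and reaches `self.rfile.read(length)`, where a negative size on a Python file object means read-to-EOF rather than a bounded read; make it `if length < 0 or length > maxMessageLength:`. The `int(...)` on the context line above is also unguarded, so a missing or non-numeric header raises before the check runs; that case should be rejected the same way instead of failing inside the handler. 413 (Payload Too Large) would describe an oversize rejection more precisely than 400. The enclosing handler method starts and continues outside the hunk.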