收到非法请求时可能出现panic

[lixzzxil]

收到非法请求时，conn.go的L38（size, err := readUvarint(r)）可能会解析出一个非常大的size， 然后在L43 make slice（data = make([]byte, size)）时会申请巨大的内存，导致出现panic。 复现： 1.启动rpc server 2.客户端启动tcp client，并和rpc server建立连接 3.tcp client向rpc server发数据，如：n, err := conn.Write([]byte{0xff, 0xff, 0xff, 0xff, 0xff, 0x01}) 4.rpc server出现panic，如下： fatal error: runtime: out of memory

runtime stack: runtime.throw(0xa46104, 0x16) /home/go/src/runtime/panic.go:1116 +0x72 runtime.sysMap(0xc084000000, 0x1000000000, 0xe16538) /home/go/src/runtime/mem_linux.go:169 +0xc6 runtime.(mheap).sysAlloc(0xdfb120, 0x1000000000, 0x42d9f7, 0xdfb128) /home/go/src/runtime/malloc.go:727 +0x1e5 runtime.(mheap).grow(0xdfb120, 0x800000, 0x0) /home/go/src/runtime/mheap.go:1344 +0x85 runtime.(mheap).allocSpan(0xdfb120, 0x800000, 0x100, 0xe16548, 0xc0295beba0) /home/go/src/runtime/mheap.go:1160 +0x6b6 runtime.(mheap).alloc.func1() /home/go/src/runtime/mheap.go:907 +0x65 runtime.(*mheap).alloc(0xdfb120, 0x800000, 0xc05f7a0101, 0xde3bc0) /home/go/src/runtime/mheap.go:901 +0x85 runtime.largeAlloc(0xfffffffff, 0x101, 0xc0295b9a18) /home/go/src/runtime/malloc.go:1177 +0x92 runtime.mallocgc.func1() /home/go/src/runtime/malloc.go:1071 +0x46 runtime.systemstack(0x46b314) /home/go/src/runtime/asm_amd64.s:370 +0x66 runtime.mstart() /home/go/src/runtime/proc.go:1116

goroutine 39159 [running]: runtime.systemstack_switch() /home/go/src/runtime/asm_amd64.s:330 fp=0xc0295b9ac8 sp=0xc0295b9ac0 pc=0x46b440 runtime.mallocgc(0xfffffffff, 0x96e860, 0x1, 0x24) /home/go/src/runtime/malloc.go:1070 +0x938 fp=0xc0295b9b68 sp=0xc0295b9ac8 pc=0x40fa18 runtime.makeslice(0x96e860, 0xfffffffff, 0xfffffffff, 0x1) /home/go/src/runtime/slice.go:98 +0x6c fp=0xc0295b9b98 sp=0xc0295b9b68 pc=0x44e68c github.com/chai2010/protorpc.recvFrame(0xae8e40, 0xc023b09388, 0x2, 0xc0512eb6c0, 0x1d, 0x0, 0x0) /home/gopath/src/github.com/chai2010/protorpc/conn.go:45 +0x105 fp=0xc0295b9c00 sp=0xc0295b9b98 pc=0x8abf25 github.com/chai2010/protorpc.readRequestHeader(0xae8e40, 0xc023b09388, 0xc051473230, 0x0, 0x7f7ba2922e00) /home/gopath/src/github.com/chai2010/protorpc/wire.go:64 +0x39 fp=0xc0295b9c48 sp=0xc0295b9c00 pc=0x8ad3d9 github.com/chai2010/protorpc.(serverCodec).ReadRequestHeader(0xc0026e84d0, 0xc051d97340, 0x200000003, 0xc05f7acc00) /home/gopath/src/github.com/chai2010/protorpc/server.go:51 +0xb0 fp=0xc0295b9ce0 sp=0xc0295b9c48 pc=0x8ac670 net/rpc.(Server).readRequestHeader(0xc003cced70, 0xaf4460, 0xc0026e84d0, 0x40f450, 0xc0295bee78, 0x203014, 0xc0295bee20, 0x407cd5, 0x43a71c) /home/go/src/net/rpc/server.go:583 +0x6c fp=0xc0295b9db8 sp=0xc0295b9ce0 pc=0x8a72cc net/rpc.(Server).readRequest(0xc003cced70, 0xaf4460, 0xc0026e84d0, 0x4079a8, 0xc0004b7138, 0xc0005809a8, 0xc0295befb0, 0xc0295bef18, 0x0, 0x0, ...) /home/go/src/net/rpc/server.go:543 +0x5a fp=0xc0295b9ea8 sp=0xc0295b9db8 pc=0x8a6bba net/rpc.(Server).ServeCodec(0xc003cced70, 0xaf4460, 0xc0026e84d0) /home/go/src/net/rpc/server.go:458 +0x9d fp=0xc0295b9fc8 sp=0xc0295b9ea8 pc=0x8a611d runtime.goexit() /home/go/src/runtime/asm_amd64.s:1374 +0x1 fp=0xc0295b9fd0 sp=0xc0295b9fc8 pc=0x46d221 created by ... ... serveTcp

[chai2010]

https://github.com/chai2010/protorpc/commit/9011b14ea88e43e71ba75029f1c010f0e8d9c838 增加了frame大小限制