Merge pull request #2780 from influxdb/http-cluster-panic-2774

Messages over 1GB are probably not valid

cluster/service.go

@@ -13,6 +13,9 @@ import (
 	"github.com/influxdb/influxdb/tsdb"
 )
 
+// MaxMessageSize defines how large a message can be before we reject it
+const MaxMessageSize = 1024 * 1024 * 1024 // 1GB
+
 // Service processes data received over raw TCP connections.
 type Service struct {
 	mu   sync.RWMutex
@@ -194,6 +197,14 @@ func ReadTLV(r io.Reader) (byte, []byte, error) {
 		return 0, nil, fmt.Errorf("read message size: %s", err)
 	}
 
+	if sz == 0 {
+		return 0, nil, fmt.Errorf("invalid message size: %d", sz)
+	}
+
+	if sz >= MaxMessageSize {
+		return 0, nil, fmt.Errorf("max message size of %d exceeded: %d", MaxMessageSize, sz)
+	}
+
 	// Read the value.
 	buf := make([]byte, sz)
 	if _, err := io.ReadFull(r, buf); err != nil {