[feat](protocol): enforce 4KiB hard limit on Protobuf body and stream payloads

- Added safeguards to restrict HTTP body and stream payload sizes to 4KiB (`StreamChunkSize`) in the Protobuf codec. - Updated client logic to apply consistent limits for streaming and non-streaming scenarios. - Improved error handling with clear messages for oversized payloads.
2025-12-09 13:25:44 +09:00 · 2025-12-08 22:38:34 +09:00
parent c81e2c4a81
commit 798ad75e39
2 changed files with 33 additions and 8 deletions
--- a/internal/protocol/codec.go
+++ b/internal/protocol/codec.go
@@ -57,6 +57,24 @@ func (protobufCodec) Encode(w io.Writer, env *Envelope) error {
 	if err != nil {
 		return err
 	}
+
+	// Body/stream payload 하드 리밋: 4KiB (StreamChunkSize).
+	// HTTP 단일 Envelope 및 스트림 기반 프레임 모두에서 payload 가 이 값을 넘지 않도록 강제합니다.
+	// Enforce a 4KiB hard limit (StreamChunkSize) for HTTP bodies and stream payloads.
+	switch env.Type {
+	case MessageTypeHTTP:
+		if env.HTTPRequest != nil && len(env.HTTPRequest.Body) > int(StreamChunkSize) {
+			return fmt.Errorf("protobuf codec: http request body too large: %d bytes (max %d)", len(env.HTTPRequest.Body), StreamChunkSize)
+		}
+		if env.HTTPResponse != nil && len(env.HTTPResponse.Body) > int(StreamChunkSize) {
+			return fmt.Errorf("protobuf codec: http response body too large: %d bytes (max %d)", len(env.HTTPResponse.Body), StreamChunkSize)
+		}
+	case MessageTypeStreamData:
+		if env.StreamData != nil && len(env.StreamData.Data) > int(StreamChunkSize) {
+			return fmt.Errorf("protobuf codec: stream data payload too large: %d bytes (max %d)", len(env.StreamData.Data), StreamChunkSize)
+		}
+	}
+
 	data, err := proto.Marshal(pbEnv)
 	if err != nil {
 		return fmt.Errorf("protobuf marshal envelope: %w", err)