From f2db700ae7ed4f0fe9bf7229abdd809a750affcc Mon Sep 17 00:00:00 2001
From: Timothy Flynn
Date: Tue, 2 Jan 2024 20:21:30 -0500
Subject: [PATCH] LibIPC: Ensure message sizes do not exceed the limits of u32

We encode the size as a u32, so let's be sure the size does not exceed that storage. This is unlikely to happen, but no reason not to check.
---
 Userland/Libraries/LibIPC/Message.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibIPC/Message.cpp b/Userland/Libraries/LibIPC/Message.cpp
index 0e8889c2a0..a6fe8c7212 100644
--- a/Userland/Libraries/LibIPC/Message.cpp
+++ b/Userland/Libraries/LibIPC/Message.cpp
@@ -4,6 +4,7 @@
  * SPDX-License-Identifier: BSD-2-Clause
  */
 
+#include
 #include
 #include
 #include
@@ -14,7 +15,12 @@ using MessageSizeType = u32;
 
 ErrorOr MessageBuffer::transfer_message(Core::LocalSocket& fd_passing_socket, Core::LocalSocket& data_socket)
 {
-    MessageSizeType message_size = data.size();
+    Checked checked_message_size { data.size() };
+
+    if (checked_message_size.has_overflow())
+        return Error::from_string_literal("Message is too large for IPC encoding");
+
+    auto message_size = checked_message_size.value();
     TRY(data.try_prepend(reinterpret_cast(&message_size), sizeof(message_size)));
     for (auto const& fd : fds)