From 965c726ce39d0e1d2ee2647404199e642990ade4 Mon Sep 17 00:00:00 2001
From: Luca Cominardi <luca.cominardi@gmail.com>
Date: Thu, 19 Oct 2023 16:08:35 +0200
Subject: [PATCH] Fix missing batch length check (#568)

---
 io/zenoh-transport/src/unicast/establishment/accept.rs | 5 +++--
 io/zenoh-transport/src/unicast/establishment/open.rs   | 5 +++--
 io/zenoh-transport/src/unicast/lowlatency/link.rs      | 7 +++++--
 io/zenoh-transport/src/unicast/universal/link.rs       | 6 +++++-
 4 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/io/zenoh-transport/src/unicast/establishment/accept.rs b/io/zenoh-transport/src/unicast/establishment/accept.rs
index c25c4bb873..412affd4ea 100644
--- a/io/zenoh-transport/src/unicast/establishment/accept.rs
+++ b/io/zenoh-transport/src/unicast/establishment/accept.rs
@@ -658,10 +658,11 @@ pub(crate) async fn accept_link(link: &LinkUnicast, manager: &TransportManager)
         .map_err(|e| (e, Some(close::reason::INVALID))));
 
     log::debug!(
-        "New transport link accepted from {} to {}: {}",
+        "New transport link accepted from {} to {}: {}. Batch size: {}.",
         osyn_out.other_zid,
         manager.config.zid,
-        link
+        link,
+        state.zenoh.batch_size,
     );
 
     Ok(())
diff --git a/io/zenoh-transport/src/unicast/establishment/open.rs b/io/zenoh-transport/src/unicast/establishment/open.rs
index 19f94cf26e..dbd4872c3e 100644
--- a/io/zenoh-transport/src/unicast/establishment/open.rs
+++ b/io/zenoh-transport/src/unicast/establishment/open.rs
@@ -573,10 +573,11 @@ pub(crate) async fn open_link(
     }
 
     log::debug!(
-        "New transport link opened from {} to {}: {}",
+        "New transport link opened from {} to {}: {}. Batch size: {}.",
         manager.config.zid,
         iack_out.other_zid,
-        link
+        link,
+        state.zenoh.batch_size,
     );
 
     Ok(transport)
diff --git a/io/zenoh-transport/src/unicast/lowlatency/link.rs b/io/zenoh-transport/src/unicast/lowlatency/link.rs
index f9f949bf99..111936cb95 100644
--- a/io/zenoh-transport/src/unicast/lowlatency/link.rs
+++ b/io/zenoh-transport/src/unicast/lowlatency/link.rs
@@ -212,8 +212,11 @@ async fn rx_task_stream(
         let mut length = [0_u8, 0_u8, 0_u8, 0_u8];
         link.read_exact(&mut length).await?;
         let n = u32::from_le_bytes(length) as usize;
-
-        link.read_exact(&mut buffer[0..n]).await?;
+        let len = buffer.len();
+        let b = buffer.get_mut(0..n).ok_or_else(|| {
+            zerror!("Batch len is invalid. Received {n} but negotiated max len is {len}.")
+        })?;
+        link.read_exact(b).await?;
         Ok(n)
     }
 
diff --git a/io/zenoh-transport/src/unicast/universal/link.rs b/io/zenoh-transport/src/unicast/universal/link.rs
index 8facc9b7b2..c4d19d2b66 100644
--- a/io/zenoh-transport/src/unicast/universal/link.rs
+++ b/io/zenoh-transport/src/unicast/universal/link.rs
@@ -294,7 +294,11 @@ async fn rx_task_stream(
         let mut length = [0_u8, 0_u8];
         link.read_exact(&mut length).await?;
         let n = BatchSize::from_le_bytes(length) as usize;
-        link.read_exact(&mut buffer[0..n]).await?;
+        let len = buffer.len();
+        let b = buffer.get_mut(0..n).ok_or_else(|| {
+            zerror!("Batch len is invalid. Received {n} but negotiated max len is {len}.")
+        })?;
+        link.read_exact(b).await?;
         Ok(Action::Read(n))
     }