From 802ce3644dc7aea5931f8afd80543a389dc6e9da Mon Sep 17 00:00:00 2001
From: "M. Mert Yildiran" <mehmet@up9.com>
Date: Thu, 26 Aug 2021 00:12:34 +0300
Subject: [PATCH] Check Kafka header size and fail-fast

---
 tap/extensions/kafka/request.go  | 4 ++++
 tap/extensions/kafka/response.go | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/tap/extensions/kafka/request.go b/tap/extensions/kafka/request.go
index 4847bf777..cb4ac4748 100644
--- a/tap/extensions/kafka/request.go
+++ b/tap/extensions/kafka/request.go
@@ -25,6 +25,10 @@ func ReadRequest(r io.Reader, tcpID *api.TcpID) (apiKey ApiKey, apiVersion int16
 		return 0, 0, fmt.Errorf("A Kafka message cannot be bigger than 1MB")
 	}
 
+	if size < 8 {
+		return 0, 0, fmt.Errorf("A Kafka request header cannot be smaller than 8 bytes")
+	}
+
 	if err = d.err; err != nil {
 		err = dontExpectEOF(err)
 		return 0, 0, err
diff --git a/tap/extensions/kafka/response.go b/tap/extensions/kafka/response.go
index bf7133e12..ac4debf8a 100644
--- a/tap/extensions/kafka/response.go
+++ b/tap/extensions/kafka/response.go
@@ -23,6 +23,10 @@ func ReadResponse(r io.Reader, tcpID *api.TcpID, emitter api.Emitter) (err error
 		return fmt.Errorf("A Kafka message cannot be bigger than 1MB")
 	}
 
+	if size < 4 {
+		return fmt.Errorf("A Kafka response header cannot be smaller than 8 bytes")
+	}
+
 	if err = d.err; err != nil {
 		err = dontExpectEOF(err)
 		return err