From 290f53c38cdacd502eb6dda52f2ad207063e3973 Mon Sep 17 00:00:00 2001
From: murilo ijanc
Date: Wed, 25 Mar 2026 15:41:40 -0300
Subject: Limit stdin read in tp, bound protocol drain, document Arc leak
- tp: limit stdin to 64 KiB + 1 byte to reject oversized pastes early without unbounded memory allocation
- daemon: bound the oversized-line drain to MAX_LINE_SIZE so a client without newlines cannot block beyond the read timeout
- tpd: document intentional Arc::into_raw leak in signal handler
---
 src/daemon.rs | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'src/daemon.rs')
diff --git a/src/daemon.rs b/src/daemon.rs
index f12efd9..12757a3 100644
--- a/src/daemon.rs
+++ b/src/daemon.rs
@@ -298,9 +298,13 @@ fn handle_client(
 "request too large".into(),
 ));
 writer.write_all(resp.as_bytes())?;
- // Drain remaining bytes until newline
- let mut discard = String::new();
- let _ = reader.read_line(&mut discard);
+ // Drain remaining bytes until newline (bounded to
+ // prevent a client without newlines from blocking
+ // indefinitely beyond the read timeout).
+ let mut discard = Vec::new();
+ let _ = (&mut reader)
+ .take(MAX_LINE_SIZE as u64)
+ .read_until(b'\n', &mut discard);
 continue;
 }
 let line = line.trim();
-- cgit v1.2.3
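Review bot: When the bounded drain stops at MAX_LINE_SIZE without having seen a newline, the `continue` that follows resumes request parsing in the middle of the oversized line, so the tail of that line is presumably handled as a fresh request. The `let _` also discards timeouts and I/O errors from `read_until`, so a failed drain looks the same as a completed one. A peer that never sends a newline can therefore keep the handler looping one bounded chunk at a time, which is the case the new comment says is prevented. Consider ending the connection unless the drain actually reached the delimiter, for example `if !discard.ends_with(b"\n") { break; }` before `continue;` (or a `return`, depending on the loop in handle_client, whose body starts and ends outside this hunk).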