From 5405923aa29247bdc77f7b2bfe2383129173b1a3 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Tue, 5 Oct 2021 19:21:43 +0200
Subject: [PATCH] Add limit for RSA bits

---
 service.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/service.go b/service.go
index 72ac5a9..11dadda 100644
--- a/service.go
+++ b/service.go
@@ -32,6 +32,10 @@ const serviceNick = "BouncerServ"
 const serviceNickCM = "bouncerserv"
 const serviceRealname = "soju bouncer service"
 
+// maxRSABits is the maximum number of RSA key bits used when generating a new
+// private key.
+const maxRSABits = 8192
+
 var servicePrefix = &irc.Prefix{
 	Name: serviceNick,
 	User: serviceNick,
@@ -641,6 +645,9 @@ func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
 	)
 	switch *keyType {
 	case "rsa":
+		if *bits <= 0 || *bits > maxRSABits {
+			return fmt.Errorf("invalid value for -bits")
+		}
 		key, err := rsa.GenerateKey(rand.Reader, *bits)
 		if err != nil {
 			return err