From 1c5dd3024265f6625edd501132d0aa578d984dab Mon Sep 17 00:00:00 2001
From: Leonard Lyubich <leonard@morphbits.io>
Date: Thu, 22 Feb 2024 13:04:59 +0400
Subject: [PATCH] object: Limit header length to 16KB

Previously, NeoFS used 4MB as object header's length limit. The value
originally resulted from the default max gRPC message length.

Now header length can be up to 16KB only. To ensure the safety of data
uploaded before the restriction was introduced, this limit does not
apply to intra-container replication.

Refs https://github.com/nspcc-dev/neofs-api/issues/262.

Signed-off-by: Leonard Lyubich <leonard@morphbits.io>
---
 CHANGELOG.md                          | 1 +
 pkg/core/object/fmt.go                | 7 +++++++
 pkg/services/object/acl/v2/service.go | 9 +++++++++
 3 files changed, 17 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 91f108bb1b3..bd35063dfba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@ Changelog for NeoFS Node
 - Inability to deploy contract with non-standard zone via neofs-adm
 
 ### Changed
+- Storage nodes no longer accept objects with header larger than 16KB (#xxx)
 
 ### Removed
 
diff --git a/pkg/core/object/fmt.go b/pkg/core/object/fmt.go
index c533e0c040d..416d6b7e963 100644
--- a/pkg/core/object/fmt.go
+++ b/pkg/core/object/fmt.go
@@ -12,6 +12,13 @@ import (
 	"github.com/nspcc-dev/neofs-sdk-go/storagegroup"
 )
 
+// MaxHeaderLen is a maximum allowed length of binary object header to be
+// created via NeoFS API protocol.
+const MaxHeaderLen = 16 << 10
+
+// ErrMaxHeaderLenExceeded is returned when [MaxHeaderLen] is exceeded.
+var ErrMaxHeaderLenExceeded = errors.New("max object header length exceeded")
+
 // FormatValidator represents an object format validator.
 type FormatValidator struct {
 	*cfg
diff --git a/pkg/services/object/acl/v2/service.go b/pkg/services/object/acl/v2/service.go
index 298b1a8f7ba..4f844cba631 100644
--- a/pkg/services/object/acl/v2/service.go
+++ b/pkg/services/object/acl/v2/service.go
@@ -8,6 +8,7 @@ import (
 	objectV2 "github.com/nspcc-dev/neofs-api-go/v2/object"
 	"github.com/nspcc-dev/neofs-node/pkg/core/container"
 	"github.com/nspcc-dev/neofs-node/pkg/core/netmap"
+	objectcore "github.com/nspcc-dev/neofs-node/pkg/core/object"
 	"github.com/nspcc-dev/neofs-node/pkg/services/object"
 	apistatus "github.com/nspcc-dev/neofs-sdk-go/client/status"
 	"github.com/nspcc-dev/neofs-sdk-go/container/acl"
@@ -516,6 +517,14 @@ func (p putStreamBasicChecker) Send(request *objectV2.PutRequest) error {
 			return err
 		}
 
+		// if not a replication request, check max header size
+		if reqInfo.requestRole != acl.RoleContainer || request.GetMetaHeader().GetTTL() != 1 {
+			hdrLen := part.GetHeader().StableSize()
+			if hdrLen > objectcore.MaxHeaderLen {
+				return fmt.Errorf("%w: %d>%d", objectcore.ErrMaxHeaderLenExceeded, hdrLen, objectcore.MaxHeaderLen)
+			}
+		}
+
 		reqInfo.obj = obj
 
 		if !p.source.checker.CheckBasicACL(reqInfo) || !p.source.checker.StickyBitCheck(reqInfo, idOwner) {