[Backport 7.x] Throw if the content length is too big (#1361)

Co-authored-by: Tomas Della Vedova <delvedor@users.noreply.github.com>

lib/Transport.js

@@ -22,6 +22,7 @@
 const debug = require('debug')('elasticsearch')
 const os = require('os')
 const { gzip, unzip, createGzip } = require('zlib')
+const buffer = require('buffer')
 const ms = require('ms')
 const {
   ConnectionError,
@@ -35,6 +36,8 @@ const noop = () => {}
 
 const clientVersion = require('../package.json').version
 const userAgent = `elasticsearch-js/${clientVersion} (${os.platform()} ${os.release()}-${os.arch()}; Node.js ${process.version})`
+const MAX_BUFFER_LENGTH = buffer.constants.MAX_LENGTH
+const MAX_STRING_LENGTH = buffer.constants.MAX_STRING_LENGTH
 
 class Transport {
   constructor (opts) {
@@ -218,6 +221,22 @@ class Transport {
 
       const contentEncoding = (result.headers['content-encoding'] || '').toLowerCase()
       const isCompressed = contentEncoding.indexOf('gzip') > -1 || contentEncoding.indexOf('deflate') > -1
+
+      /* istanbul ignore else */
+      if (result.headers['content-length'] !== undefined) {
+        const contentLength = Number(result.headers['content-length'])
+        if (isCompressed && contentLength > MAX_BUFFER_LENGTH) {
+          response.destroy()
+          return onConnectionError(
+            new RequestAbortedError(`The content length (${contentLength}) is bigger than the maximum allowed buffer (${MAX_BUFFER_LENGTH})`, result)
+          )
+        } else if (contentLength > MAX_STRING_LENGTH) {
+          response.destroy()
+          return onConnectionError(
+            new RequestAbortedError(`The content length (${contentLength}) is bigger than the maximum allowed string (${MAX_STRING_LENGTH})`, result)
+          )
+        }
+      }
       // if the response is compressed, we must handle it
       // as buffer for allowing decompression later
       let payload = isCompressed ? [] : ''