Is using packets in a networking library a good idea at all?

Question

I've been programming a library for both TCP and UDP networking and thought about using packets. Currently I've implemented a packet class which can be used like the C++ standard library's stream classes (it has << and >> for inputting and reading data). I plan on sending the packets like so:

bytes 1-8        - uint64_t as the size of the packet.
bytes 8-size     - contents of the packet.

But there's a problem. What if a malicious client sends a size measured in terabytes and random garble as the filler? The server's memory is filled with the random garble and it will freeze/crash.

Is it a good idea to let the server decide the maximum allowed size of the received packet?

Or should I discard packets and implement transferring data as streams (where reading/writing would be entirely decided by the user of the library)?

(PS: I'm not a native English speaker, so forgive my possibly hideous usage of the language.)

Answer 1

Yes, set a maximum allowed size on the server side. Set it so that the server won't freeze/crash, but not smaller. Predictable behaviour should be the highest goal.