beenull/sftpgo-mirror
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2024-11-25 00:50:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

httpfs: limit body size

Browse source 
Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2023-10-07 11:28:16 +02:00
parent 64c7588a44
commit 19a95d8c55
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
2 changed files with 36 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
internal/dataprovider/node.go
View file

@ -232,9 +232,13 @@ func (n *Node) SendGetRequest(username, role, relativeURL string, responseHolder
if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusNoContent { if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusNoContent {
return fmt.Errorf("unexpected status code: %d", resp.StatusCode) return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
} }
err = json.NewDecoder(resp.Body).Decode(responseHolder) respBody, err := io.ReadAll(io.LimitReader(resp.Body, 10485760))
if err != nil { if err != nil {
return fmt.Errorf("unable to decode response as json") return fmt.Errorf("unable to read response body: %w", err)
}
err = json.Unmarshal(respBody, responseHolder)
if err != nil {
return errors.New("unable to decode response as json")
} }
return nil return nil
} }

36
internal/vfs/httpfs.go
View file

@ -44,7 +44,8 @@ import (
const ( const (
// httpFsName is the name for the HTTP Fs implementation // httpFsName is the name for the HTTP Fs implementation
httpFsName = "httpfs" httpFsName = "httpfs"
maxHTTPFsResponseSize = 1048576
) )
var ( var (
@ -283,8 +284,12 @@ func (fs *HTTPFs) Stat(name string) (os.FileInfo, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return nil, err
}
var response statResponse var response statResponse
err = json.NewDecoder(resp.Body).Decode(&response) err = json.Unmarshal(respBody, &response)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -479,8 +484,12 @@ func (fs *HTTPFs) ReadDir(dirname string) ([]os.FileInfo, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize*10))
if err != nil {
return nil, err
}
var response []statResponse var response []statResponse
err = json.NewDecoder(resp.Body).Decode(&response) err = json.Unmarshal(respBody, &response)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -550,8 +559,13 @@ func (fs *HTTPFs) GetDirSize(dirname string) (int, int64, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return 0, 0, err
}
var response dirSizeResponse var response dirSizeResponse
err = json.NewDecoder(resp.Body).Decode(&response) err = json.Unmarshal(respBody, &response)
if err != nil { if err != nil {
return 0, 0, err return 0, 0, err
} }
@ -621,8 +635,13 @@ func (fs *HTTPFs) GetMimeType(name string) (string, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return "", err
}
var response mimeTypeResponse var response mimeTypeResponse
err = json.NewDecoder(resp.Body).Decode(&response) err = json.Unmarshal(respBody, &response)
if err != nil { if err != nil {
return "", err return "", err
} }
@ -646,8 +665,13 @@ func (fs *HTTPFs) GetAvailableDiskSize(dirName string) (*sftp.StatVFS, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return nil, err
}
var response statVFSResponse var response statVFSResponse
err = json.NewDecoder(resp.Body).Decode(&response) err = json.Unmarshal(respBody, &response)
if err != nil { if err != nil {
return nil, err return nil, err
} }