httpfs: limit body size

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino 2023-10-07 11:28:16 +02:00
parent 64c7588a44
commit 19a95d8c55
No known key found for this signature in database
GPG key ID: 935D2952DEC4EECF
2 changed files with 36 additions and 8 deletions

View file

@ -232,9 +232,13 @@ func (n *Node) SendGetRequest(username, role, relativeURL string, responseHolder
if resp.StatusCode < http.StatusOK || resp.StatusCode > http.StatusNoContent {
return fmt.Errorf("unexpected status code: %d", resp.StatusCode)
}
err = json.NewDecoder(resp.Body).Decode(responseHolder)
respBody, err := io.ReadAll(io.LimitReader(resp.Body, 10485760))
if err != nil {
return fmt.Errorf("unable to decode response as json")
return fmt.Errorf("unable to read response body: %w", err)
}
err = json.Unmarshal(respBody, responseHolder)
if err != nil {
return errors.New("unable to decode response as json")
}
return nil
}

View file

@ -45,6 +45,7 @@ import (
const (
// httpFsName is the name for the HTTP Fs implementation
httpFsName = "httpfs"
maxHTTPFsResponseSize = 1048576
)
var (
@ -283,8 +284,12 @@ func (fs *HTTPFs) Stat(name string) (os.FileInfo, error) {
}
defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return nil, err
}
var response statResponse
err = json.NewDecoder(resp.Body).Decode(&response)
err = json.Unmarshal(respBody, &response)
if err != nil {
return nil, err
}
@ -479,8 +484,12 @@ func (fs *HTTPFs) ReadDir(dirname string) ([]os.FileInfo, error) {
}
defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize*10))
if err != nil {
return nil, err
}
var response []statResponse
err = json.NewDecoder(resp.Body).Decode(&response)
err = json.Unmarshal(respBody, &response)
if err != nil {
return nil, err
}
@ -550,8 +559,13 @@ func (fs *HTTPFs) GetDirSize(dirname string) (int, int64, error) {
}
defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return 0, 0, err
}
var response dirSizeResponse
err = json.NewDecoder(resp.Body).Decode(&response)
err = json.Unmarshal(respBody, &response)
if err != nil {
return 0, 0, err
}
@ -621,8 +635,13 @@ func (fs *HTTPFs) GetMimeType(name string) (string, error) {
}
defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return "", err
}
var response mimeTypeResponse
err = json.NewDecoder(resp.Body).Decode(&response)
err = json.Unmarshal(respBody, &response)
if err != nil {
return "", err
}
@ -646,8 +665,13 @@ func (fs *HTTPFs) GetAvailableDiskSize(dirName string) (*sftp.StatVFS, error) {
}
defer resp.Body.Close()
respBody, err := io.ReadAll(io.LimitReader(resp.Body, maxHTTPFsResponseSize))
if err != nil {
return nil, err
}
var response statVFSResponse
err = json.NewDecoder(resp.Body).Decode(&response)
err = json.Unmarshal(respBody, &response)
if err != nil {
return nil, err
}