limit maximum upload size

1 files changed, 12 insertions, 1 deletions

diff --git a/src/rhimportd/uploadWeb.go b/src/rhimportd/uploadWeb.go
index 02d918c..e0326ad 100644
--- a/src/rhimportd/uploadWeb.go
+++ b/src/rhimportd/uploadWeb.go
@@ -57,6 +57,10 @@ func webUploadResponse(w http.ResponseWriter, file string) {
 	encoder.Encode(respdata)
 }
 
+const (
+	webUploadMaxRequestSize = 2 << 30 // 2GB
+)
+
 func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport.SessionStoreChan, trusted bool, w http.ResponseWriter, r *http.Request) {
 	if r.Method == "GET" {
 		http.ServeFile(w, r, "./html/upload-form.html")
@@ -69,7 +73,14 @@ func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport
 		return
 	}
 
-	if err := r.ParseMultipartForm(2 << 30); err != nil { // TODO: howto limit max file size???
+	// This is from: stackoverflow.com/questions/26392196
+	if r.ContentLength > webUploadMaxRequestSize {
+		rhl.Printf("WebUploadHandler: request ist to large: %d > %d", r.ContentLength, webUploadMaxRequestSize)
+		webUploadErrorResponse(w, http.StatusExpectationFailed, "request too large")
+		return
+	}
+	r.Body = http.MaxBytesReader(w, r.Body, webUploadMaxRequestSize)
+	if err := r.ParseMultipartForm(32 << 10); err != nil {
 		rhl.Printf("WebUploadHandler: error while parsing multi-part-form: %v", err)
 		webUploadErrorResponse(w, http.StatusBadRequest, err.Error())
 		return