diff options
author | Christian Pointner <equinox@helsinki.at> | 2016-04-02 05:51:24 (GMT) |
---|---|---|
committer | Christian Pointner <equinox@helsinki.at> | 2016-04-02 05:51:24 (GMT) |
commit | abc61fa4330ed00a816aa25f9fcd4daeda8a41bd (patch) | |
tree | 3145c5d2b5fcb9e30270ae82e89e2e4aa737cb6b /src/rhimportd | |
parent | 89075959bf7ff1832cc38414a1ae392a49536294 (diff) |
limit maximum upload size
Diffstat (limited to 'src/rhimportd')
-rw-r--r-- | src/rhimportd/uploadWeb.go | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/rhimportd/uploadWeb.go b/src/rhimportd/uploadWeb.go index 02d918c..e0326ad 100644 --- a/src/rhimportd/uploadWeb.go +++ b/src/rhimportd/uploadWeb.go @@ -57,6 +57,10 @@ func webUploadResponse(w http.ResponseWriter, file string) { encoder.Encode(respdata) } +const ( + webUploadMaxRequestSize = 2 << 30 // 2GB +) + func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport.SessionStoreChan, trusted bool, w http.ResponseWriter, r *http.Request) { if r.Method == "GET" { http.ServeFile(w, r, "./html/upload-form.html") @@ -69,7 +73,14 @@ func webUploadHandler(conf *rhimport.Config, db *rddb.DBChan, sessions *rhimport return } - if err := r.ParseMultipartForm(2 << 30); err != nil { // TODO: howto limit max file size??? + // This is from: stackoverflow.com/questions/26392196 + if r.ContentLength > webUploadMaxRequestSize { + rhl.Printf("WebUploadHandler: request ist to large: %d > %d", r.ContentLength, webUploadMaxRequestSize) + webUploadErrorResponse(w, http.StatusExpectationFailed, "request too large") + return + } + r.Body = http.MaxBytesReader(w, r.Body, webUploadMaxRequestSize) + if err := r.ParseMultipartForm(32 << 10); err != nil { rhl.Printf("WebUploadHandler: error while parsing multi-part-form: %v", err) webUploadErrorResponse(w, http.StatusBadRequest, err.Error()) return |