Opened 6 months ago

#26348 new defect

Guard against large reads

Reported by: dcf
Owned by:
Priority: Medium
Milestone:
Component: Obfuscation/Snowflake
Version:
Severity: Normal
Keywords: easy
Cc: dcf, arlolra
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

Snowflake code calls ioutil.ReadAll from a socket/HTTP in many places in the code: 1 2 3 4 5.

These should all get an io.LimitReader or http.MaxBytesReader with a limit of 100 KB or so. Like this one:

	body, err := ioutil.ReadAll(http.MaxBytesReader(w, req.Body, 100000))
	if err != nil {
		http.Error(w, "Bad request.", http.StatusBadRequest)
		return
	}
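
For the io.LimitReader option on reads that are not a server-side request body (a socket or an HTTP response), here is an added example that is not part of the ticket or of Snowflake's code. The names limitedReadAll, ErrTooLarge and readLimit are hypothetical; the 100000 value follows the limit suggested above.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"io/ioutil"
	"strings"
)

// readLimit is an assumed cap, following the ticket's "100 KB or so".
const readLimit = 100000

// ErrTooLarge is a hypothetical sentinel error used only in this example.
var ErrTooLarge = errors.New("body exceeds read limit")

// limitedReadAll reads at most limit bytes from r. io.LimitReader alone
// reports a clean EOF once the limit is reached, so an oversized body would
// be silently truncated and look complete. Asking for limit+1 bytes lets the
// caller tell "exactly limit" apart from "more than limit" and reject it.
func limitedReadAll(r io.Reader, limit int64) ([]byte, error) {
	data, err := ioutil.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrTooLarge
	}
	return data, nil
}

func main() {
	// Constructed inputs standing in for a socket or HTTP response body.
	small := strings.NewReader(`{"type":"offer"}`)
	huge := strings.NewReader(strings.Repeat("A", readLimit+1))

	if b, err := limitedReadAll(small, readLimit); err == nil {
		fmt.Printf("small: read %d bytes\n", len(b))
	}
	if _, err := limitedReadAll(huge, readLimit); errors.Is(err, ErrTooLarge) {
		fmt.Println("huge: rejected,", err)
	}
}
```

Unlike http.MaxBytesReader, which returns an error once the limit is exceeded, a bare io.LimitReader gives no signal on truncation, which is why the length check is needed.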

Child Tickets

Change History (0)