Opened 11 months ago

Last modified 2 months ago

#26348 new defect

Guard against large reads

Reported by: dcf
Owned by:
Priority: Medium
Milestone:
Component: Obfuscation/Snowflake
Version:
Severity: Normal
Keywords: easy
Cc: dcf, arlolra
Actual Points:
Parent ID:
Points: 1
Reviewer:
Sponsor: Sponsor19


Snowflake code calls ioutil.ReadAll from a socket/HTTP in many places in the code: 1 2 3 4 5.

These should all get an io.LimitReader or http.MaxBytesReader with a limit of 100 KB or so. Like this one:

	// Cap the body at 100000 bytes; exceeding the cap turns into a read error.
	body, err := ioutil.ReadAll(http.MaxBytesReader(w, req.Body, 100000))
	if err != nil {
		http.Error(w, "Bad request.", http.StatusBadRequest)
		return
	}
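As an added illustration of the two fixes proposed above (not code from the Snowflake repository), the following self-contained Go program shows both the http.MaxBytesReader pattern for HTTP handlers and the io.LimitReader pattern for plain socket reads. The handler, the helper names (readBoundedBody, readLimited, postStatus) and the constant maxBodyBytes are hypothetical; the 100 KB figure is the one from the ticket. The difference worth noticing is that MaxBytesReader turns an oversized body into a read error, while LimitReader silently truncates, so the caller has to detect truncation itself:

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes is the cap suggested in the ticket (about 100 KB).
const maxBodyBytes = 100000

// readBoundedBody reads at most maxBodyBytes from the request body.
// http.MaxBytesReader returns an error once the limit is exceeded, so an
// oversized body is rejected instead of being buffered in full.
func readBoundedBody(w http.ResponseWriter, req *http.Request) ([]byte, error) {
	return io.ReadAll(http.MaxBytesReader(w, req.Body, maxBodyBytes))
}

// handler is a hypothetical HTTP handler following the ticket's pattern.
func handler(w http.ResponseWriter, req *http.Request) {
	body, err := readBoundedBody(w, req)
	if err != nil {
		http.Error(w, "Bad request.", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "read %d bytes\n", len(body))
}

// postStatus sends a constructed body of n bytes to handler and returns the
// HTTP status code, so the limit behaviour can be checked without a network.
func postStatus(n int) int {
	body := bytes.NewReader(bytes.Repeat([]byte("a"), n))
	req := httptest.NewRequest(http.MethodPost, "/", body)
	rec := httptest.NewRecorder()
	handler(rec, req)
	return rec.Code
}

// readLimited is the io.LimitReader variant for non-HTTP readers (sockets).
// LimitReader never errors on overflow; it simply stops at the limit. Reading
// limit+1 bytes lets the caller tell "exactly at the limit" from "over it".
func readLimited(r io.Reader, limit int64) (data []byte, truncated bool, err error) {
	data, err = io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, false, err
	}
	if int64(len(data)) > limit {
		return data[:limit], true, nil
	}
	return data, false, nil
}

func main() {
	fmt.Println("body at limit   ->", postStatus(maxBodyBytes))   // 200
	fmt.Println("body over limit ->", postStatus(maxBodyBytes+1)) // 400

	data, truncated, _ := readLimited(strings.NewReader("hello world"), 5)
	fmt.Printf("limited read: %q truncated=%v\n", data, truncated)
}
```

A body of exactly 100000 bytes is accepted and one byte more is rejected with 400, which is the boundary a reviewer should test when adding the cap to each of the call sites listed above.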

Child Tickets

Change History (1)

comment:1 Changed 2 months ago by gaba

Points: 1
Sponsor: Sponsor19