zeromicro/go-zero
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

check content length before reading

Browse Source
This commit is contained in:
kevin
2020-08-10 17:55:19 +08:00
parent ba636187ce
commit 215b4bae3b
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
rest/handler/cryptionhandler.go
View File

@@ -3,6 +3,7 @@ package handler
import ( import (
"bytes" "bytes"
"encoding/base64" "encoding/base64"
"errors"
"io" "io"
"io/ioutil" "io/ioutil"
"net/http" "net/http"
@@ -13,6 +14,8 @@ import (
const maxBytes = 1 << 20 // 1 MiB const maxBytes = 1 << 20 // 1 MiB
var errContentLengthExceeded = errors.New("content length exceeded")
func CryptionHandler(key []byte) func(http.Handler) http.Handler { func CryptionHandler(key []byte) func(http.Handler) http.Handler {
return func(next http.Handler) http.Handler { return func(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -35,6 +38,10 @@ func CryptionHandler(key []byte) func(http.Handler) http.Handler {
} }
func decryptBody(key []byte, r *http.Request) error { func decryptBody(key []byte, r *http.Request) error {
if r.ContentLength > maxBytes {
return errContentLengthExceeded
}
content, err := ioutil.ReadAll(io.LimitReader(r.Body, maxBytes)) content, err := ioutil.ReadAll(io.LimitReader(r.Body, maxBytes))
if err != nil { if err != nil {
return err return err