Changeset 374d2fc in trunk


Timestamp:
2023-03-10T16:13:15Z (2 years ago)
Author:
GitHub <noreply@…>
Branches:
master
Children:
36cd697, 4e6e78f
Parents:
584127b (diff), ccf1289 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
git-author:
Jean-Paul Calderone <exarkun@…> (2023-03-10 16:13:15)
git-committer:
GitHub <noreply@…> (2023-03-10 16:13:15)
Message:

Merge pull request #1266 from tahoe-lafs/3965.better-max-size

Add more restrictive CBOR content limits to server

Fixes: ticket:3965

Files:
1 added
1 edited

  • src/allmydata/storage/http_server.py

    r584127b r374d2fc  
    607607        """Allocate buckets."""
    608608        upload_secret = authorization[Secrets.UPLOAD]
    609         info = await self._read_encoded(request, _SCHEMAS["allocate_buckets"])
     609        # It's just a list of up to ~256 shares, shouldn't use many bytes.
     610        info = await self._read_encoded(
     611            request, _SCHEMAS["allocate_buckets"], max_size=8192
     612        )
    610613
    611614        # We do NOT validate the upload secret for existing bucket uploads.
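
Review bot: The 8192 passed as max_size on the new _read_encoded call is a bare literal, and the comment above it ("up to ~256 shares, shouldn't use many bytes") does not say how that share count maps to the byte limit. Because this value decides which allocate_buckets bodies the server refuses, consider a named module-level constant whose comment gives the worst-case encoded size of a valid body for this schema, so that a later schema change prompts a review of the limit. If it is not already covered, a test that sends a body just over the limit and checks that the request is rejected would pin the behaviour down.
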
     
    774777            raise _HTTPError(http.NOT_FOUND)
    775778
    776         info = await self._read_encoded(request, _SCHEMAS["advise_corrupt_share"])
     779        # The reason can be a string with explanation, so in theory it could be
     780        # longish?
     781        info = await self._read_encoded(
     782            request, _SCHEMAS["advise_corrupt_share"], max_size=32768,
     783        )
    777784        bucket.advise_corrupt_share(info["reason"].encode("utf-8"))
    778785        return b""
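
Review bot: The comment on the new advise_corrupt_share call ends in a question ("in theory it could be longish?"), so the rationale for max_size=32768 is left open. Since info["reason"] is handed whole to bucket.advise_corrupt_share, this limit is the only visible bound on the reason's size; state the intended maximum as a decision rather than a guess. Minor style point: the trailing comma after max_size=32768 here differs from the otherwise identical call in the mutable handler.
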
     
    873880            raise _HTTPError(http.NOT_FOUND)
    874881
    875         info = await self._read_encoded(request, _SCHEMAS["advise_corrupt_share"])
     882        # The reason can be a string with explanation, so in theory it could be
     883        # longish?
     884        info = await self._read_encoded(
     885            request, _SCHEMAS["advise_corrupt_share"], max_size=32768
     886        )
    876887        self._storage_server.advise_corrupt_share(
    877888            b"mutable", storage_index, share_number, info["reason"].encode("utf-8")
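
Review bot: The max_size=32768 literal and its two-line comment are duplicated verbatim from the earlier advise_corrupt_share call. With the value written in two places, the immutable and mutable limits can drift apart in a later edit; a single shared constant used by both handlers, with the comment moved to the constant's definition, would keep them in sync.
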