Commit ce3101d0 authored by Cecylia Bocovich's avatar Cecylia Bocovich

Guard against large reads

This is a fix for #26348
parent 5380aaca
......@@ -136,7 +136,7 @@ For snowflake proxies to request a client from the Broker.
*/
func proxyPolls(ctx *BrokerContext, w http.ResponseWriter, r *http.Request) {
id := r.Header.Get("X-Session-ID")
body, err := ioutil.ReadAll(r.Body)
body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, 100000))
if nil != err {
log.Println("Invalid data.")
w.WriteHeader(http.StatusBadRequest)
......@@ -166,7 +166,7 @@ the HTTP response back to the client.
*/
func clientOffers(ctx *BrokerContext, w http.ResponseWriter, r *http.Request) {
startTime := time.Now()
offer, err := ioutil.ReadAll(r.Body)
offer, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, 100000))
if nil != err {
log.Println("Invalid data.")
w.WriteHeader(http.StatusBadRequest)
......@@ -213,7 +213,7 @@ func proxyAnswers(ctx *BrokerContext, w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusGone)
return
}
body, err := ioutil.ReadAll(r.Body)
body, err := ioutil.ReadAll(http.MaxBytesReader(w, r.Body, 100000))
if nil != err || nil == body || len(body) <= 0 {
log.Println("Invalid data.")
w.WriteHeader(http.StatusBadRequest)
......
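Review bot: When the 100000-byte cap is exceeded in proxyPolls, clientOffers or proxyAnswers, the request lands in the existing error branch, which logs only `Invalid data.` and answers 400, so an oversized body cannot be told apart from any other bad request in the broker log. Logging the cause, for example `log.Printf("Invalid data: %v", err)`, would make oversized submissions visible to an operator; in proxyAnswers err can be nil on that branch, which `%v` prints safely. The literal 100000 is repeated in every call and would be easier to audit and tune as one named constant, e.g. `const readLimit = 100000`. All three handlers continue outside their hunks.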
......@@ -91,7 +91,7 @@ func (bc *BrokerChannel) Negotiate(offer *webrtc.SessionDescription) (
switch resp.StatusCode {
case http.StatusOK:
body, err := ioutil.ReadAll(resp.Body)
body, err := ioutil.ReadAll(http.MaxBytesReader(nil, resp.Body, 100000))
if nil != err {
return nil, err
}
......
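Review bot: `http.MaxBytesReader(nil, resp.Body, 100000)` in Negotiate passes a nil ResponseWriter to a function that is documented for limiting incoming request bodies on a server. It appears to work only because the nil writer is never used, and the error it produces would describe a request body although this is a broker response. The same call is made in pollOffer in the next file section. A small helper over io.LimitedReader that reads one byte past the limit keeps the explicit failure on oversized input without depending on that behaviour, and gives the limit a name. Negotiate starts and ends outside the hunk.

```go
// readLimit caps the size of a broker response body, in bytes.
const readLimit = 100000

// limitedRead reads at most limit bytes from r and returns an error,
// rather than truncating silently, when more data was available.
func limitedRead(r io.Reader, limit int64) ([]byte, error) {
	p, err := ioutil.ReadAll(&io.LimitedReader{R: r, N: limit + 1})
	if err != nil {
		return p, err
	}
	if int64(len(p)) > limit {
		return p[:limit], io.ErrUnexpectedEOF
	}
	return p, nil
}

// … unchanged: switch resp.StatusCode / case http.StatusOK …
		body, err := limitedRead(resp.Body, readLimit)
```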
......@@ -162,7 +162,7 @@ func pollOffer(sid string) *webrtc.SessionDescription {
if resp.StatusCode != http.StatusOK {
log.Printf("broker returns: %d", resp.StatusCode)
} else {
body, err := ioutil.ReadAll(resp.Body)
body, err := ioutil.ReadAll(http.MaxBytesReader(nil, resp.Body, 100000))
if err != nil {
log.Printf("error reading broker response: %s", err)
} else {
......