mirror of
https://github.com/astaxie/beego.git
synced 2024-12-22 21:50:50 +00:00
Merge pull request #1486 from KilledKenny/oomDos
Added MaxMemory limit to CopyBody() Supersedes #1484
This commit is contained in:
commit
2aa50c240f
@ -17,6 +17,7 @@ package context
|
||||
import (
|
||||
"bytes"
|
||||
"errors"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"net/url"
|
||||
"reflect"
|
||||
@ -313,8 +314,9 @@ func (input *BeegoInput) Session(key interface{}) interface{} {
|
||||
}
|
||||
|
||||
// CopyBody returns the raw request body data as bytes.
|
||||
func (input *BeegoInput) CopyBody() []byte {
|
||||
requestbody, _ := ioutil.ReadAll(input.Context.Request.Body)
|
||||
func (input *BeegoInput) CopyBody(MaxMemory int64) []byte {
|
||||
safe := &io.LimitedReader{R:input.Context.Request.Body, N:MaxMemory}
|
||||
requestbody, _ := ioutil.ReadAll(safe)
|
||||
input.Context.Request.Body.Close()
|
||||
bf := bytes.NewBuffer(requestbody)
|
||||
input.Context.Request.Body = ioutil.NopCloser(bf)
|
||||
|
@ -653,7 +653,7 @@ func (p *ControllerRegister) ServeHTTP(rw http.ResponseWriter, r *http.Request)
|
||||
|
||||
if r.Method != "GET" && r.Method != "HEAD" {
|
||||
if BConfig.CopyRequestBody && !context.Input.IsUpload() {
|
||||
context.Input.CopyBody()
|
||||
context.Input.CopyBody(BConfig.MaxMemory)
|
||||
}
|
||||
context.Input.ParseFormOrMulitForm(BConfig.MaxMemory)
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user