1
0
mirror of https://github.com/astaxie/beego.git synced 2024-12-22 21:50:50 +00:00

Merge pull request #1486 from KilledKenny/oomDos

Added MaxMemory limit to CopyBody() Supersedes #1484
This commit is contained in:
astaxie 2015-12-16 23:44:42 +08:00
commit 2aa50c240f
2 changed files with 5 additions and 3 deletions

View File

@ -17,6 +17,7 @@ package context
import (
"bytes"
"errors"
"io"
"io/ioutil"
"net/url"
"reflect"
@ -313,8 +314,9 @@ func (input *BeegoInput) Session(key interface{}) interface{} {
}
// CopyBody returns the raw request body data as bytes.
func (input *BeegoInput) CopyBody() []byte {
requestbody, _ := ioutil.ReadAll(input.Context.Request.Body)
func (input *BeegoInput) CopyBody(MaxMemory int64) []byte {
safe := &io.LimitedReader{R:input.Context.Request.Body, N:MaxMemory}
requestbody, _ := ioutil.ReadAll(safe)
input.Context.Request.Body.Close()
bf := bytes.NewBuffer(requestbody)
input.Context.Request.Body = ioutil.NopCloser(bf)

View File

@ -653,7 +653,7 @@ func (p *ControllerRegister) ServeHTTP(rw http.ResponseWriter, r *http.Request)
if r.Method != "GET" && r.Method != "HEAD" {
if BConfig.CopyRequestBody && !context.Input.IsUpload() {
context.Input.CopyBody()
context.Input.CopyBody(BConfig.MaxMemory)
}
context.Input.ParseFormOrMulitForm(BConfig.MaxMemory)
}