1
0
mirror of https://github.com/astaxie/beego.git synced 2024-11-26 05:01:28 +00:00

Merge pull request #1486 from KilledKenny/oomDos

Added MaxMemory limit to CopyBody() Supersedes #1484
This commit is contained in:
astaxie 2015-12-16 23:44:42 +08:00
commit 2aa50c240f
2 changed files with 5 additions and 3 deletions

View File

@ -17,6 +17,7 @@ package context
import ( import (
"bytes" "bytes"
"errors" "errors"
"io"
"io/ioutil" "io/ioutil"
"net/url" "net/url"
"reflect" "reflect"
@ -313,8 +314,9 @@ func (input *BeegoInput) Session(key interface{}) interface{} {
} }
// CopyBody returns the raw request body data as bytes. // CopyBody returns the raw request body data as bytes.
func (input *BeegoInput) CopyBody() []byte { func (input *BeegoInput) CopyBody(MaxMemory int64) []byte {
requestbody, _ := ioutil.ReadAll(input.Context.Request.Body) safe := &io.LimitedReader{R:input.Context.Request.Body, N:MaxMemory}
requestbody, _ := ioutil.ReadAll(safe)
input.Context.Request.Body.Close() input.Context.Request.Body.Close()
bf := bytes.NewBuffer(requestbody) bf := bytes.NewBuffer(requestbody)
input.Context.Request.Body = ioutil.NopCloser(bf) input.Context.Request.Body = ioutil.NopCloser(bf)

View File

@ -653,7 +653,7 @@ func (p *ControllerRegister) ServeHTTP(rw http.ResponseWriter, r *http.Request)
if r.Method != "GET" && r.Method != "HEAD" { if r.Method != "GET" && r.Method != "HEAD" {
if BConfig.CopyRequestBody && !context.Input.IsUpload() { if BConfig.CopyRequestBody && !context.Input.IsUpload() {
context.Input.CopyBody() context.Input.CopyBody(BConfig.MaxMemory)
} }
context.Input.ParseFormOrMulitForm(BConfig.MaxMemory) context.Input.ParseFormOrMulitForm(BConfig.MaxMemory)
} }