Add body size limit

author: Frédéric Guillot <fred@miniflux.net> 2018-01-02 18:30:26 -0800
committer: Frédéric Guillot <fred@miniflux.net> 2018-01-02 18:30:26 -0800
commit: aae3d75490e5bddc7bae8d141d8e6f901c22fdd1 (patch)
tree: 227ed3e75da900d0823a664b134c6ca35bff9891 /http
parent: 5558c94a575f72f56983165c7dfd847a8e7ee59f (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/http/client.go b/http/client.go
index df1cbab..9ca542a 100644
--- a/http/client.go
+++ b/http/client.go
@@ -22,6 +22,7 @@ import (
 // Note: Some websites have a user agent filter.
 const userAgent = "Mozilla/5.0 (like Gecko, like Safari, like Chrome) - Miniflux <https://miniflux.net/>"
 const requestTimeout = 300
+const maxBodySize = 1024 * 1024 * 15
 
 // Client is a HTTP Client :)
 type Client struct {
@@ -80,6 +81,10 @@ func (c *Client) executeRequest(request *http.Request) (*Response, error) {
 		return nil, err
 	}
 
+	if resp.ContentLength > maxBodySize {
+		return nil, fmt.Errorf("client: response too large (%d bytes)", resp.ContentLength)
+	}
+
 	response := &Response{
 		Body:         resp.Body,
 		StatusCode:   resp.StatusCode,
@@ -89,10 +94,11 @@ func (c *Client) executeRequest(request *http.Request) (*Response, error) {
 		ContentType:  resp.Header.Get("Content-Type"),
 	}
 
-	logger.Debug("[HttpClient:%s] OriginalURL=%s, StatusCode=%d, ETag=%s, LastModified=%s, EffectiveURL=%s",
+	logger.Debug("[HttpClient:%s] OriginalURL=%s, StatusCode=%d, ContentLength=%d, ETag=%s, LastModified=%s, EffectiveURL=%s",
 		request.Method,
 		c.url,
 		response.StatusCode,
+		resp.ContentLength,
 		response.ETag,
 		response.LastModified,
 		response.EffectiveURL,
author	Frédéric Guillot <fred@miniflux.net>	2018-01-02 18:30:26 -0800
committer	Frédéric Guillot <fred@miniflux.net>	2018-01-02 18:30:26 -0800
commit	aae3d75490e5bddc7bae8d141d8e6f901c22fdd1 (patch)
tree	227ed3e75da900d0823a664b134c6ca35bff9891 /http
parent	5558c94a575f72f56983165c7dfd847a8e7ee59f (diff)