From aae3d75490e5bddc7bae8d141d8e6f901c22fdd1 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@miniflux.net>
Date: Tue, 2 Jan 2018 18:30:26 -0800
Subject: Add body size limit

---
 http/client.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'http')

diff --git a/http/client.go b/http/client.go
index df1cbab..9ca542a 100644
--- a/http/client.go
+++ b/http/client.go
@@ -22,6 +22,7 @@ import (
 // Note: Some websites have a user agent filter.
 const userAgent = "Mozilla/5.0 (like Gecko, like Safari, like Chrome) - Miniflux <https://miniflux.net/>"
 const requestTimeout = 300
+const maxBodySize = 1024 * 1024 * 15
 
 // Client is a HTTP Client :)
 type Client struct {
@@ -80,6 +81,10 @@ func (c *Client) executeRequest(request *http.Request) (*Response, error) {
 		return nil, err
 	}
 
+	if resp.ContentLength > maxBodySize {
+		return nil, fmt.Errorf("client: response too large (%d bytes)", resp.ContentLength)
+	}
+
 	response := &Response{
 		Body:         resp.Body,
 		StatusCode:   resp.StatusCode,
@@ -89,10 +94,11 @@ func (c *Client) executeRequest(request *http.Request) (*Response, error) {
 		ContentType:  resp.Header.Get("Content-Type"),
 	}
 
-	logger.Debug("[HttpClient:%s] OriginalURL=%s, StatusCode=%d, ETag=%s, LastModified=%s, EffectiveURL=%s",
+	logger.Debug("[HttpClient:%s] OriginalURL=%s, StatusCode=%d, ContentLength=%d, ETag=%s, LastModified=%s, EffectiveURL=%s",
 		request.Method,
 		c.url,
 		response.StatusCode,
+		resp.ContentLength,
 		response.ETag,
 		response.LastModified,
 		response.EffectiveURL,
-- 
cgit v1.2.3