From 215b4bae3b264fdb1149f54a4d0e90f718ffe1d4 Mon Sep 17 00:00:00 2001
From: kevin
Date: Mon, 10 Aug 2020 17:55:19 +0800
Subject: [PATCH] check content length before reading
---
 rest/handler/cryptionhandler.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/rest/handler/cryptionhandler.go b/rest/handler/cryptionhandler.go
index f5d4e48d..93bbd889 100644
--- a/rest/handler/cryptionhandler.go
+++ b/rest/handler/cryptionhandler.go
@@ -3,6 +3,7 @@ package handler
 import (
 "bytes"
 "encoding/base64"
+ "errors"
 "io"
 "io/ioutil"
 "net/http"
@@ -13,6 +14,8 @@ import (
 const maxBytes = 1 << 20 // 1 MiB
+var errContentLengthExceeded = errors.New("content length exceeded")
+
 func CryptionHandler(key []byte) func(http.Handler) http.Handler {
 return func(next http.Handler) http.Handler {
 return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
@@ -35,6 +38,10 @@ func CryptionHandler(key []byte) func(http.Handler) http.Handler {
 }
 func decryptBody(key []byte, r *http.Request) error {
+ if r.ContentLength > maxBytes {
+ return errContentLengthExceeded
+ }
+
 content, err := ioutil.ReadAll(io.LimitReader(r.Body, maxBytes))
 if err != nil {
 return err
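Review bot: The new `r.ContentLength > maxBytes` guard at the top of decryptBody only covers requests that declare their length; for chunked or unknown-length bodies net/http reports ContentLength as -1, so the guard passes and the body is still read. In that case `io.LimitReader(r.Body, maxBytes)` silently truncates at 1 MiB and the function carries on with a partial payload instead of returning errContentLengthExceeded. I would read one byte past the limit and reject on overflow: `io.LimitReader(r.Body, maxBytes+1)` followed by `if len(content) > maxBytes { return errContentLengthExceeded }`. The rest of decryptBody lies outside the hunk, so what happens to a truncated body downstream is not visible here.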