Mathis/lemma
1
0
Fork 0
mirror of https://github.com/lordmathis/lemma.git synced 2025-11-05 23:44:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add file size validation in UploadFile handler to prevent excessive memory allocation

Browse Source
This commit is contained in:
Matúš Námešný
2025-07-12 15:06:01 +02:00
parent 9f01c64e5e
commit 005288b3d8
1 changed files with 15 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
server/internal/handlers/file_handlers.go
View File

@@ -372,6 +372,19 @@ func (h *Handler) UploadFile() http.HandlerFunc {
return return
} }
// Validate file size to prevent excessive memory allocation
// TODO: Make this configurable
const maxFileSize = 100 * 1024 * 1024 // 100MB
if formFile.Size > maxFileSize {
log.Debug("file too large",
"fileName", formFile.Filename,
"fileSize", formFile.Size,
"maxSize", maxFileSize,
)
respondError(w, "File too large", http.StatusBadRequest)
return
}
// Open the uploaded file // Open the uploaded file
file, err := formFile.Open() file, err := formFile.Open()
if err != nil { if err != nil {
@@ -391,9 +404,8 @@ func (h *Handler) UploadFile() http.HandlerFunc {
filePath := decodedPath + "/" + formFile.Filename filePath := decodedPath + "/" + formFile.Filename
content := make([]byte, formFile.Size) content, err := io.ReadAll(file)
_, err = file.Read(content) if err != nil {
if err != nil && err != io.EOF {
log.Error("failed to read uploaded file", log.Error("failed to read uploaded file",
"filePath", filePath, "filePath", filePath,
"error", err.Error(), "error", err.Error(),