From 9ed044042156a9bdfafb4ae9830b3ed41225444e Mon Sep 17 00:00:00 2001 From: S7evinK Date: Mon, 14 Jun 2021 15:12:03 +0200 Subject: [PATCH] Set MaxFileSizeBytes <= 0 to "unlimited" (#1875) * Set MaxFileSizeBytes < 0 to "unlimited" Signed-off-by: Till Faelligen * int64 overflows later in mediaapi/routing/upload.go[doUpload] * Prevent int overflow when uploading --- mediaapi/routing/upload.go | 12 ++++++++++++ setup/config/config_mediaapi.go | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/mediaapi/routing/upload.go b/mediaapi/routing/upload.go index ada02b11e..bc0d206b9 100644 --- a/mediaapi/routing/upload.go +++ b/mediaapi/routing/upload.go @@ -147,6 +147,18 @@ func (r *uploadRequest) doUpload( // r.storeFileAndMetadata(ctx, tmpDir, ...) // before you return from doUpload else we will leak a temp file. We could make this nicer with a `WithTransaction` style of // nested function to guarantee either storage or cleanup. + + // should not happen, but prevents any int overflows + if cfg.MaxFileSizeBytes != nil && *cfg.MaxFileSizeBytes+1 <= 0 { + r.Logger.WithFields(log.Fields{ + "MaxFileSizeBytes": *cfg.MaxFileSizeBytes + 1, + }).Error("Error while transferring file, configured max_file_size_bytes overflows int64") + return &util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: jsonerror.Unknown("Failed to upload"), + } + } + lr := io.LimitReader(reqReader, int64(*cfg.MaxFileSizeBytes)+1) hash, bytesWritten, tmpDir, err := fileutils.WriteTempFile(ctx, lr, cfg.AbsBasePath) if err != nil { diff --git a/setup/config/config_mediaapi.go b/setup/config/config_mediaapi.go index 660a508d5..0943a39e2 100644 --- a/setup/config/config_mediaapi.go +++ b/setup/config/config_mediaapi.go @@ -2,6 +2,7 @@ package config import ( "fmt" + "math" ) type MediaAPI struct { @@ -57,6 +58,11 @@ func (c *MediaAPI) Verify(configErrs *ConfigErrors, isMonolith bool) { checkNotEmpty(configErrs, "media_api.database.connection_string", string(c.Database.ConnectionString)) checkNotEmpty(configErrs, "media_api.base_path", string(c.BasePath)) + // allow "unlimited" file size + if c.MaxFileSizeBytes != nil && *c.MaxFileSizeBytes <= 0 { + unlimitedSize := FileSizeBytes(math.MaxInt64 - 1) + c.MaxFileSizeBytes = &unlimitedSize + } checkPositive(configErrs, "media_api.max_file_size_bytes", int64(*c.MaxFileSizeBytes)) checkPositive(configErrs, "media_api.max_thumbnail_generators", int64(c.MaxThumbnailGenerators))