mirror of
https://github.com/minio/minio.git
synced 2024-12-24 22:25:54 -05:00
Add max buffering to SFTP (#19848)
Prevent OOM by adversarial use of SFTP upload by setting a 100MB max upload buffer.
This commit is contained in:
parent
d67bccf861
commit
d3ae0aaad3
@ -39,6 +39,10 @@ import (
|
||||
"golang.org/x/crypto/ssh"
|
||||
)
|
||||
|
||||
// Maximum write offset for incoming SFTP blocks.
|
||||
// Set to 100MiB to prevent hostile DOS attacks.
|
||||
const ftpMaxWriteOffset = 100 << 20
|
||||
|
||||
type sftpDriver struct {
|
||||
permissions *ssh.Permissions
|
||||
endpoint string
|
||||
@ -269,6 +273,9 @@ func (w *writerAt) WriteAt(b []byte, offset int64) (n int, err error) {
|
||||
n, err = w.w.Write(b)
|
||||
w.nextOffset += int64(n)
|
||||
} else {
|
||||
if offset > w.nextOffset+ftpMaxWriteOffset {
|
||||
return 0, fmt.Errorf("write offset %d is too far ahead of next offset %d", offset, w.nextOffset)
|
||||
}
|
||||
w.buffer[offset] = make([]byte, len(b))
|
||||
copy(w.buffer[offset], b)
|
||||
n = len(b)
|
||||
|
Loading…
Reference in New Issue
Block a user