MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-04-19 18:17:30 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add max buffering to SFTP (#19848)

Browse Source 
Prevent OOM by adversarial use of SFTP upload by setting a 100MB max upload buffer.
This commit is contained in:
Klaus Post 2024-05-31 14:28:07 -07:00 committed by GitHub
parent d67bccf861
commit d3ae0aaad3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
cmd/sftp-server-driver.go
View File

@ -39,6 +39,10 @@ import (
"golang.org/x/crypto/ssh" "golang.org/x/crypto/ssh"
) )
// Maximum write offset for incoming SFTP blocks.
// Set to 100MiB to prevent hostile DOS attacks.
const ftpMaxWriteOffset = 100 << 20
type sftpDriver struct { type sftpDriver struct {
permissions *ssh.Permissions permissions *ssh.Permissions
endpoint string endpoint string
@ -269,6 +273,9 @@ func (w *writerAt) WriteAt(b []byte, offset int64) (n int, err error) {
n, err = w.w.Write(b) n, err = w.w.Write(b)
w.nextOffset += int64(n) w.nextOffset += int64(n)
} else { } else {
if offset > w.nextOffset+ftpMaxWriteOffset {
return 0, fmt.Errorf("write offset %d is too far ahead of next offset %d", offset, w.nextOffset)
}
w.buffer[offset] = make([]byte, len(b)) w.buffer[offset] = make([]byte, len(b))
copy(w.buffer[offset], b) copy(w.buffer[offset], b)
n = len(b) n = len(b)