Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: limit the number of bytes read from an HTTP response #629

Merged
merged 1 commit into from
Nov 4, 2023
Merged

fix: limit the number of bytes read from an HTTP response #629

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 1 addition & 4 deletions internal/config/network_probe.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,6 @@ package config

import (
"context"
"io"
"net/http"
"time"

Expand All @@ -24,9 +23,7 @@ func ProbeURL(ctx context.Context, url string) bool {
if err != nil {
return false
}
defer resp.Body.Close()

_, err = io.ReadAll(resp.Body)
err = resp.Body.Close()
return err == nil
}

Expand Down
3 changes: 3 additions & 0 deletions internal/monitor/base.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,9 @@ import (

//go:generate mockgen -typed -destination=../mocks/mock_monitor.go -package=mocks . Monitor

// maxReadLength is the maximum number of bytes read from an HTTP response.
const maxReadLength int64 = 102400

// Monitor is a dead man's switch, meaning that the user will be notified when the updater fails to
// detect and update the public IP address. No notifications for IP changes.
type Monitor interface {
Expand Down
2 changes: 1 addition & 1 deletion internal/monitor/healthchecks.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ func (h *Healthchecks) ping(ctx context.Context, ppfmt pp.PP, endpoint string, m
return false
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxReadLength))
if err != nil {
ppfmt.Warningf(pp.EmojiError,
"Failed to read HTTP(S) response from the %s endpoint of Healthchecks: %v",
Expand Down
3 changes: 2 additions & 1 deletion internal/monitor/uptimekuma.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ package monitor
import (
"context"
"encoding/json"
"io"
"net/http"
"net/url"
"slices"
Expand Down Expand Up @@ -135,7 +136,7 @@ func (h *UptimeKuma) ping(ctx context.Context, ppfmt pp.PP, param UptimeKumaRequ
defer resp.Body.Close()

var parsedResp UptimeKumaResponse
if err = json.NewDecoder(resp.Body).Decode(&parsedResp); err != nil {
if err = json.NewDecoder(io.LimitReader(resp.Body, maxReadLength)).Decode(&parsedResp); err != nil {
ppfmt.Warningf(pp.EmojiError, "Failed to parse the response from Uptime Kuma: %v", err)
return false
}
Expand Down
5 changes: 4 additions & 1 deletion internal/provider/protocol/httpcore.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ import (
"github.com/favonia/cloudflare-ddns/internal/pp"
)

// maxReadLength is the maximum number of bytes read from an HTTP response.
const maxReadLength int64 = 102400

type httpCore struct {
url string
method string
Expand Down Expand Up @@ -41,7 +44,7 @@ func (h *httpCore) getIP(ctx context.Context, ppfmt pp.PP) (netip.Addr, bool) {
}
defer resp.Body.Close()

body, err := io.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxReadLength))
if err != nil {
ppfmt.Warningf(pp.EmojiError, "Failed to read HTTP(S) response from %q: %v", h.url, err)
return invalidIP, false
Expand Down
Loading