A malicious user could upload a very large file and exhaust server RAM or fill the disk.
A possible fix is to use http.MaxBytesReader to limit the size of the upload to some reasonable maximum for image files (e.g. 10 MiB).
Calling ParseMultipartForm with an explicit RAM limit also protects the server from exhausting RAM trying to process large uploads:
```go
const maxImageBytes = 10 << 20 // 10 MiB

func uploaderHandler(w http.ResponseWriter, req *http.Request) {
	// Read a maximum of maxImageBytes, plus a little extra room for multipart fields.
	req.Body = http.MaxBytesReader(w, req.Body, maxImageBytes+1024)
	if err := req.ParseMultipartForm(maxImageBytes); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	userID := req.FormValue("userid")
	...
}
```
Chapter 3 accepts arbitrary uploads from remote users, but it doesn't limit the size of the upload.
goblueprints/chapter3/chat/upload.go
Line 12 in aae50b4
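Added example, not part of the original issue or the goblueprints code: a self-contained handler applying the limit proposed above, exercised in-process with `httptest` against a small and an oversized multipart body. The handler and helper names, the `image` field, the `/upload` path, the 1 MiB RAM limit and the 413 response are assumptions for illustration, and `http.MaxBytesError` requires Go 1.19 or later.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"mime/multipart"
	"net/http"
	"net/http/httptest"
)

const maxImageBytes = 10 << 20 // 10 MiB, the limit suggested in the issue

// limitedUpload is a hypothetical stand-in for the chapter 3 upload handler.
func limitedUpload(w http.ResponseWriter, req *http.Request) {
	// Hard cap on bytes read from the body. This is what bounds disk use:
	// ParseMultipartForm spills file data above its RAM limit to temp files.
	req.Body = http.MaxBytesReader(w, req.Body, maxImageBytes+1024)
	if err := req.ParseMultipartForm(1 << 20); err != nil { // assumed 1 MiB RAM limit
		var tooBig *http.MaxBytesError
		if errors.As(err, &tooBig) {
			http.Error(w, "upload too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "malformed upload", http.StatusBadRequest)
		return
	}
	defer req.MultipartForm.RemoveAll() // delete temp files created while parsing
	fmt.Fprintf(w, "accepted upload for user %s", req.FormValue("userid"))
}

// tryUpload posts a constructed multipart body carrying an n-byte file part
// and returns the HTTP status the handler answered with.
func tryUpload(n int) int {
	var body bytes.Buffer
	mw := multipart.NewWriter(&body)
	mw.WriteField("userid", "constructed-user")
	part, _ := mw.CreateFormFile("image", "sample.png") // constructed field and file name
	part.Write(make([]byte, n))
	mw.Close()
	req := httptest.NewRequest(http.MethodPost, "/upload", &body)
	req.Header.Set("Content-Type", mw.FormDataContentType())
	rec := httptest.NewRecorder()
	limitedUpload(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(tryUpload(1<<10), tryUpload(maxImageBytes+4096))
}
```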