
sts: Limit the size of the HTTPS reads

To avoid accidents/DoS when we are fetching a very very large policy,
this patch limits the size of the reads to 10k, which should be more
than enough for any reasonable policy as per the current draft.
Alberto Bertogli
2017-03-01 00:04:30 +00:00
parent e66288e4b4
commit 0eeb964534
2 changed files with 19 additions and 1 deletions


@@ -157,6 +157,22 @@ func TestFetch(t *testing.T) {
t.Logf("version99: got expected error: %v", err)
}
func TestPolicyTooBig(t *testing.T) {
// Construct a valid but very large JSON as a policy.
raw := `{"version": "STSv1", "mode": "enforce", "mx": [`
for i := 0; i < 2000; i++ {
raw += fmt.Sprintf("\"mx%d\", ", i)
}
raw += `"mxlast"], "max_age": 100}`
policyForDomain["toobig"] = raw
_, err := Fetch(context.Background(), "toobig")
if err == nil {
t.Errorf("fetch worked, but should have failed")
}
t.Logf("got error as expected: %v", err)
}
// Tests for the policy cache.
func mustTempDir(t *testing.T) string {
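Review bot: TestPolicyTooBig accepts any error from Fetch, so it would still pass if the fetch failed for a reason unrelated to the new read limit, and the DoS guard could regress unnoticed. A control case built the same way with only a few `mx` entries and asserted to succeed would tie the failure to size; checking the returned error against whatever Fetch reports for an over-limit body would be stronger still, but the Fetch side of the change is not visible in this hunk. Separately, the final `t.Logf("got error as expected: %v", err)` also runs when `err == nil`; switching the preceding call to `t.Fatalf("fetch worked, but should have failed")` avoids the contradictory log line.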