Permalink
Browse files

Return a 400 quick on long filenames.

  • Loading branch information...
1 parent 142a634 commit da5387e267b7a911d54d4fc41d47d7fb8cc11177 @dustin dustin committed Oct 16, 2012
Showing with 11 additions and 3 deletions.
  1. +11 −3 http.go
View
14 http.go
@@ -142,6 +142,14 @@ func putUserFile(w http.ResponseWriter, req *http.Request) {
return
}
+ fn := resolvePath(req)
+ if len(fn) > 250 {
+ w.WriteHeader(400)
+ log.Printf("User supplied excessively long filename: %v", fn)
+ fmt.Fprintf(w, "Filename too long.")
+ return
+ }
+
f, err := NewHashRecord(*root, req.Header.Get("X-CBFS-Hash"))
if err != nil {
log.Printf("Error writing tmp file: %v", err)
@@ -155,7 +163,7 @@ func putUserFile(w http.ResponseWriter, req *http.Request) {
// If we don't know, guess about a meg.
l = 1024 * 1024
}
- r, bgch := altStoreFile(req.URL.Path, req.Body, uint64(l))
+ r, bgch := altStoreFile(fn, req.Body, uint64(l))
h, length, err := f.Process(r)
if err != nil {
@@ -219,10 +227,10 @@ func putUserFile(w http.ResponseWriter, req *http.Request) {
}
}
- err = storeMeta(resolvePath(req), fm, revs)
+ err = storeMeta(fn, fm, revs)
if err != nil {
log.Printf("Error storing file meta of %v -> %v: %v",
- resolvePath(req), h, err)
+ fn, h, err)
w.WriteHeader(500)
fmt.Fprintf(w, "Error recording blob ownership: %v", err)
return

0 comments on commit da5387e

Please sign in to comment.