bug 739292: maximum file size for signing server. r=catlee

mozilla · Apr 11, 2012 · f8bff11 · f8bff11
1 parent 0504120
commit f8bff11
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/release/signing/signing-server.py b/release/signing/signing-server.py
@@ -330,6 +330,8 @@ def __init__(self, config, passphrases):
         gevent.spawn(self.cleanup_loop)
 
     def load_config(self, config):
+        from ConfigParser import NoOptionError
+
         self.token_secret = config.get('security', 'token_secret')
         if config.has_option('server', 'redis'):
             import redis
@@ -352,6 +354,12 @@ def load_config(self, config):
                 config.get('security', 'allowed_filenames').split(',')]
         self.min_filesize = config.getint('security', 'min_filesize')
         self.formats = [f.strip() for f in config.get('signing', 'formats').split(',')]
+        self.max_filesize = dict()
+        for f in self.formats:
+            try:
+                self.max_filesize[f] = config.getint('security', 'max_filesize_%s' % f)
+            except NoOptionError:
+                self.max_filesize[f] = None
         self.max_token_age = config.getint('security', 'max_token_age')
         self.max_file_age = config.getint('server', 'max_file_age')
         self.token_auth = config.get('security', 'new_token_auth')
@@ -713,6 +721,10 @@ def handle_upload(self, environ, start_response, values, rest, next_nonce):
             os.unlink(tmpname)
             start_response("400 File too small", headers)
             return ""
+        if self.max_filesize[format_] and s > self.max_filesize[format_]:
+            os.unlink(tmpname)
+            start_response("400 File too large", headers)
+            return ""
 
         if h.hexdigest() != filehash:
             os.unlink(tmpname)

diff --git a/release/signing/signing.ini.template b/release/signing/signing.ini.template
@@ -27,6 +27,11 @@ allowed_ips = 0.0.0.0/0
 allowed_filenames = .*
 # Minimum filesize that we'll sign
 min_filesize = 10
+# Maximum filesize, per format. 52428800 = 50MB, 524288000 = 500MB
+max_filesize_gpg = 524288000
+max_filesize_dmg = 52428800
+max_filesize_mar = 52428800
+max_filesize_signcode = 52428800
 # Secret for signing tokens. This should be kept private!
 # It should also be the same on all equivalent signing servers
 token_secret = secretstring