fix issue #1424
SYM01 committed Mar 9, 2019
1 parent 60c3d7a commit d160ecb
Showing 2 changed files with 17 additions and 0 deletions.
7 changes: 7 additions & 0 deletions binder.go
@@ -213,6 +213,8 @@ func bindSlice(params *Params, name string, typ reflect.Type) reflect.Value {
numNoIndex := 0
sliceValues := []sliceValue{}

maxIndexBound := Config.IntDefault("params.max_index", 4096)

// Factor out the common slice logic (between form values and files).
processElement := func(key string, vals []string, files []*multipart.FileHeader) {
if !strings.HasPrefix(key, name+"[") {
@@ -229,6 +231,11 @@ func bindSlice(params *Params, name string, typ reflect.Type) reflect.Value {

// Handle the indexed case.
if index > -1 {
// Just ignore illegal index, fix issue #1424
if index > maxIndexBound {
binderLog.Error("Ignoring parameter for security reason", "index", index, "key", key)
return
}
if index > maxIndex {
maxIndex = index
}
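Review bot: The rejection path under `if index > maxIndexBound` writes one Error entry per offending key, and `key` comes straight from the request, so a single request carrying many out-of-range indexes can flood the error log. Consider a lower level, or one entry per bindSlice call, with a message that names the setting, e.g. `binderLog.Warn("Ignoring slice index above params.max_index", "index", index, "limit", maxIndexBound, "key", key)`. `params.max_index` is also read without validation, so a negative value would silently drop every indexed element; a comment at `maxIndexBound` stating the default of 4096 and that the bound is inclusive would help. The body of bindSlice continues outside the visible hunks.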
10 changes: 10 additions & 0 deletions binder_test.go
@@ -7,6 +7,7 @@ package revel
import (
"encoding/json"
"fmt"
"github.com/revel/config"
"io"
"io/ioutil"
"os"
@@ -98,6 +99,8 @@ var (
"invalidArr": {"xyz"},
"int8-overflow": {"1024"},
"uint8-overflow": {"1024"},
"arrDoS[2]": {"2"},
"arrDoS[65535]": {"65535"},
}

testDate = time.Date(1982, time.July, 9, 0, 0, 0, 0, time.UTC)
@@ -168,6 +171,7 @@ var binderTestCases = map[string]interface{}{
"priv": A{},
"int8-overflow": int8(0),
"uint8-overflow": uint8(0),
"arrDoS": []int{0, 0, 2},
}

// Types that files may be bound to, and a func that can read the content from
@@ -213,6 +217,12 @@ func TestBinder(t *testing.T) {
// Reuse the mvc_test.go multipart request to test the binder.
params := &Params{}
c := NewTestController(nil, getMultipartRequest())
if Config == nil {
Config = config.NewContext()
defer func() {
Config = nil
}()
}
ParseParams(params, NewRequest(c.Request.In))
params.Values = ParamTestValues

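Review bot: The new `arrDoS` case only exercises an index far above the limit (65535), so the boundary of the check is untested: nothing pins that index 4096 is accepted and 4097 is dropped, or that a configured `params.max_index` value is honoured. A case at the default limit and one just above it would catch an off-by-one if the comparison in bindSlice changes later. As a style point, `"github.com/revel/config"` sits inside the standard-library import group; goimports would place it in its own group after a blank line. TestBinder's body continues outside the visible hunk.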
