Software /
code /
prosody
Diff
plugins/mod_http_file_share.lua @ 11323:a853a018eede
mod_http_file_share: Validate file size early in HTTP PUT request
author | Kim Alvefur <zash@zash.se> |
---|---|
date | Wed, 27 Jan 2021 17:47:04 +0100 |
parent | 11322:4ade9810ce35 |
child | 11324:494761f5d7da |
line wrap: on
line diff
--- a/plugins/mod_http_file_share.lua Wed Jan 27 17:34:48 2021 +0100 +++ b/plugins/mod_http_file_share.lua Wed Jan 27 17:47:04 2021 +0100 @@ -165,6 +165,11 @@ module:log("debug", "Invalid upload slot: %q, path: %q", upload_info.slot, path); return 400; end + if request.headers.content_length and tonumber(request.headers.content_length) ~= upload_info.filesize then + return 413; + -- Note: We don't know the size if the upload is streamed in chunked encoding, + -- so we also check the final file size on completion. + end local filename = dm.getpath(upload_info.slot, module.host, module.name, nil, true);