Diff

plugins/mod_http_file_share.lua @ 11323:a853a018eede

mod_http_file_share: Validate file size early in HTTP PUT request
author Kim Alvefur <zash@zash.se>
date Wed, 27 Jan 2021 17:47:04 +0100
parent 11322:4ade9810ce35
child 11324:494761f5d7da
line wrap: on
line diff
--- a/plugins/mod_http_file_share.lua	Wed Jan 27 17:34:48 2021 +0100
+++ b/plugins/mod_http_file_share.lua	Wed Jan 27 17:47:04 2021 +0100
@@ -165,6 +165,11 @@
 		module:log("debug", "Invalid upload slot: %q, path: %q", upload_info.slot, path);
 		return 400;
 	end
+	if request.headers.content_length and tonumber(request.headers.content_length) ~= upload_info.filesize then
+		return 413;
+		-- Note: We don't know the size if the upload is streamed in chunked encoding,
+		-- so we also check the final file size on completion.
+	end
 
 	local filename = dm.getpath(upload_info.slot, module.host, module.name, nil, true);