pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0099-vault-Limit-size-of-data-stored-in-vault.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   80f8748478bb05c01261d17bfc6c54d870e00966
  2.   SOURCES
  3.   0099-vault-Limit-size-of-data-stored-in-vault.patch
Blob History Raw
590d18 
From a9367de918ae4f28159275b32f1d6d4716de0122 Mon Sep 17 00:00:00 2001
590d18 
From: David Kupka <dkupka@redhat.com>
590d18 
Date: Wed, 26 Aug 2015 14:11:21 +0200
590d18 
Subject: [PATCH] vault: Limit size of data stored in vault
590d18
590d18 
https://fedorahosted.org/freeipa/ticket/5231
590d18
590d18 
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
590d18 
---
590d18 
 ipalib/plugins/vault.py | 21 ++++++++++++++++++++-
590d18 
 1 file changed, 20 insertions(+), 1 deletion(-)
590d18
590d18 
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
590d18 
index 667524465031b6d027afbabeea48871e29c0e1e4..e369eeee20f5652942681f7c3e268e6173005452 100644
590d18 
--- a/ipalib/plugins/vault.py
590d18 
+++ b/ipalib/plugins/vault.py
590d18 
@@ -237,6 +237,7 @@ def validated_read(argname, filename, mode='r', encoding=None):
590d18
590d18 
 register = Registry()
590d18
590d18 
+MAX_VAULT_DATA_SIZE = 2**20  # = 1 MB
590d18
590d18 
 vault_options = (
590d18 
     Str(
590d18 
@@ -1233,10 +1234,28 @@ class vault_archive(PKQuery, Local):
590d18 
             raise errors.MutuallyExclusiveError(
590d18 
                 reason=_('Input data specified multiple times'))
590d18
590d18 
+        elif data:
590d18 
+            if len(data) > MAX_VAULT_DATA_SIZE:
590d18 
+                raise errors.ValidationError(name="data", error=_(
590d18 
+                    "Size of data exceeds the limit. Current vault data size "
590d18 
+                    "limit is %(limit)d B")
590d18 
+                    % {'limit': MAX_VAULT_DATA_SIZE})
590d18 
+
590d18 
         elif input_file:
590d18 
+            try:
590d18 
+                stat = os.stat(input_file)
590d18 
+            except OSError as exc:
590d18 
+                raise errors.ValidationError(name="in", error=_(
590d18 
+                    "Cannot read file '%(filename)s': %(exc)s")
590d18 
+                    % {'filename': input_file, 'exc': exc[1]})
590d18 
+            if stat.st_size > MAX_VAULT_DATA_SIZE:
590d18 
+                raise errors.ValidationError(name="in", error=_(
590d18 
+                    "Size of data exceeds the limit. Current vault data size "
590d18 
+                    "limit is %(limit)d B")
590d18 
+                    % {'limit': MAX_VAULT_DATA_SIZE})
590d18 
             data = validated_read('in', input_file, mode='rb')
590d18
590d18 
-        elif not data:
590d18 
+        else:
590d18 
             data = ''
590d18
590d18 
         if self.api.env.in_server:
590d18 
--
590d18 
2.4.3
590d18

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation