From a9367de918ae4f28159275b32f1d6d4716de0122 Mon Sep 17 00:00:00 2001
From: David Kupka <dkupka@redhat.com>
Date: Wed, 26 Aug 2015 14:11:21 +0200
Subject: [PATCH] vault: Limit size of data stored in vault
https://fedorahosted.org/freeipa/ticket/5231
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
---
ipalib/plugins/vault.py | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 667524465031b6d027afbabeea48871e29c0e1e4..e369eeee20f5652942681f7c3e268e6173005452 100644
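--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -237,6 +237,7 @@ def validated_read(argname, filename, mode='r', encoding=None):
 
 register = Registry()
 
+MAX_VAULT_DATA_SIZE = 2**20 # = 1 MB
 
 vault_options = (
 Str(
@@ -1233,10 +1234,28 @@ class vault_archive(PKQuery, Local):
 raise errors.MutuallyExclusiveError(
 reason=_('Input data specified multiple times'))
 
+ elif data:
+ if len(data) > MAX_VAULT_DATA_SIZE:
+ raise errors.ValidationError(name="data", error=_(
+ "Size of data exceeds the limit. Current vault data size "
+ "limit is %(limit)d B")
+ % {'limit': MAX_VAULT_DATA_SIZE})
+
 elif input_file:
+ try:
+ stat = os.stat(input_file)
+ except OSError as exc:
+ raise errors.ValidationError(name="in", error=_(
+ "Cannot read file '%(filename)s': %(exc)s")
+ % {'filename': input_file, 'exc': exc[1]})
+ if stat.st_size > MAX_VAULT_DATA_SIZE:
+ raise errors.ValidationError(name="in", error=_(
+ "Size of data exceeds the limit. Current vault data size "
+ "limit is %(limit)d B")
+ % {'limit': MAX_VAULT_DATA_SIZE})
 data = validated_read('in', input_file, mode='rb')
 
- elif not data:
+ else:
 data = ''
 
 if self.api.env.in_server: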
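Review bot: In the `elif input_file:` branch the limit is checked against `os.stat(input_file).st_size` before `validated_read('in', input_file, mode='rb')` opens the file, so it bounds the size reported at stat time rather than the bytes that end up in `data`. A file that grows between the two calls, or a path whose `st_size` is reported as 0 (a FIFO or similar special file), passes the check while more than `MAX_VAULT_DATA_SIZE` bytes are read. I would keep the stat as an early rejection and repeat `if len(data) > MAX_VAULT_DATA_SIZE:` with the same `ValidationError` directly after the `validated_read` line, so the limit holds for the data that is actually archived. The enclosing method of `vault_archive` starts and ends outside the hunk; since the class derives from `Local` and the check sits before `if self.api.env.in_server:`, this looks like a client-side limit only, and the server-side archive path should presumably enforce the same bound. Separately, `exc[1]` relies on Python 2 exception indexing; `exc.strerror` gives the same text and keeps working on Python 3.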
--
2.4.3