pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone

Blame SOURCES/0099-vault-Limit-size-of-data-stored-in-vault.patch

590d18
From a9367de918ae4f28159275b32f1d6d4716de0122 Mon Sep 17 00:00:00 2001
590d18
From: David Kupka <dkupka@redhat.com>
590d18
Date: Wed, 26 Aug 2015 14:11:21 +0200
590d18
Subject: [PATCH] vault: Limit size of data stored in vault
590d18
590d18
https://fedorahosted.org/freeipa/ticket/5231
590d18
590d18
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
590d18
---
590d18
 ipalib/plugins/vault.py | 21 ++++++++++++++++++++-
590d18
 1 file changed, 20 insertions(+), 1 deletion(-)
590d18
590d18
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
590d18
index 667524465031b6d027afbabeea48871e29c0e1e4..e369eeee20f5652942681f7c3e268e6173005452 100644
590d18
--- a/ipalib/plugins/vault.py
590d18
+++ b/ipalib/plugins/vault.py
590d18
@@ -237,6 +237,7 @@ def validated_read(argname, filename, mode='r', encoding=None):
590d18
 
590d18
 register = Registry()
590d18
 
590d18
+MAX_VAULT_DATA_SIZE = 2**20  # = 1 MB
590d18
 
590d18
 vault_options = (
590d18
     Str(
590d18
@@ -1233,10 +1234,28 @@ class vault_archive(PKQuery, Local):
590d18
             raise errors.MutuallyExclusiveError(
590d18
                 reason=_('Input data specified multiple times'))
590d18
 
590d18
+        elif data:
590d18
+            if len(data) > MAX_VAULT_DATA_SIZE:
590d18
+                raise errors.ValidationError(name="data", error=_(
590d18
+                    "Size of data exceeds the limit. Current vault data size "
590d18
+                    "limit is %(limit)d B")
590d18
+                    % {'limit': MAX_VAULT_DATA_SIZE})
590d18
+
590d18
         elif input_file:
590d18
+            try:
590d18
+                stat = os.stat(input_file)
590d18
+            except OSError as exc:
590d18
+                raise errors.ValidationError(name="in", error=_(
590d18
+                    "Cannot read file '%(filename)s': %(exc)s")
590d18
+                    % {'filename': input_file, 'exc': exc[1]})
590d18
+            if stat.st_size > MAX_VAULT_DATA_SIZE:
590d18
+                raise errors.ValidationError(name="in", error=_(
590d18
+                    "Size of data exceeds the limit. Current vault data size "
590d18
+                    "limit is %(limit)d B")
590d18
+                    % {'limit': MAX_VAULT_DATA_SIZE})
590d18
             data = validated_read('in', input_file, mode='rb')
590d18
 
590d18
-        elif not data:
590d18
+        else:
590d18
             data = ''
590d18
 
590d18
         if self.api.env.in_server:
590d18
-- 
590d18
2.4.3
590d18