From a9367de918ae4f28159275b32f1d6d4716de0122 Mon Sep 17 00:00:00 2001
From: David Kupka
Date: Wed, 26 Aug 2015 14:11:21 +0200
Subject: [PATCH] vault: Limit size of data stored in vault

https://fedorahosted.org/freeipa/ticket/5231
Reviewed-By: Petr Vobornik
---
 ipalib/plugins/vault.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index 667524465031b6d027afbabeea48871e29c0e1e4..e369eeee20f5652942681f7c3e268e6173005452 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -237,6 +237,7 @@ def validated_read(argname, filename, mode='r', encoding=None):
 register = Registry()
+MAX_VAULT_DATA_SIZE = 2**20 # = 1 MB
 vault_options = (
 Str(
@@ -1233,10 +1234,28 @@ class vault_archive(PKQuery, Local):
 raise errors.MutuallyExclusiveError(
 reason=_('Input data specified multiple times'))
+ elif data:
+ if len(data) > MAX_VAULT_DATA_SIZE:
+ raise errors.ValidationError(name="data", error=_(
+ "Size of data exceeds the limit. Current vault data size "
+ "limit is %(limit)d B")
+ % {'limit': MAX_VAULT_DATA_SIZE})
+ elif input_file:
+ try:
+ stat = os.stat(input_file)
+ except OSError as exc:
+ raise errors.ValidationError(name="in", error=_(
+ "Cannot read file '%(filename)s': %(exc)s")
+ % {'filename': input_file, 'exc': exc[1]})
+ if stat.st_size > MAX_VAULT_DATA_SIZE:
+ raise errors.ValidationError(name="in", error=_(
+ "Size of data exceeds the limit. Current vault data size "
+ "limit is %(limit)d B")
+ % {'limit': MAX_VAULT_DATA_SIZE})
 data = validated_read('in', input_file, mode='rb')
- elif not data:
+ else:
 data = ''
 if self.api.env.in_server:
-- 
2.4.3
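Review bot: The comment on `MAX_VAULT_DATA_SIZE` says 1 MB, but `2**20` bytes is 1 MiB, and it does not say what the limit measures. A comment such as `# 1 MiB: maximum size of data stored in a vault` would match the value and tell a reader what is being bounded.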
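Review bot: The `os.stat` size check in the `elif input_file:` branch runs before `validated_read`, so a path whose `st_size` does not reflect what a read returns (a FIFO or device node, or a file that grows after the stat) passes the limit; repeating `if len(data) > MAX_VAULT_DATA_SIZE:` on the bytes returned by `validated_read` would make the limit hold for what is actually archived. `exc[1]` depends on Python 2 exception indexing, and `exc.strerror` gives the same text without that dependency. The two identical limit errors could share one small helper so the message stays in one place. The checks sit ahead of the `if self.api.env.in_server:` branch in a `Local` command, so they appear to run in the calling client; whether the server rejects oversized payloads on its own is not visible in this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.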