self-hosted/minio
self-hosted/minio
1
0
Fork 0
mirror of https://github.com/minio/minio synced 2024-10-06 16:09:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add max buffering to SFTP (#19848)

Browse source 
Prevent OOM by adversarial use of SFTP upload by setting a 100MB max upload buffer.
This commit is contained in:
Klaus Post 2024-05-31 14:28:07 -07:00 committed by GitHub
parent d67bccf861
commit d3ae0aaad3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
cmd/sftp-server-driver.go
View file

@ -39,6 +39,10 @@ import (
"golang.org/x/crypto/ssh"
)
// Maximum write offset for incoming SFTP blocks.
// Set to 100MiB to prevent hostile DOS attacks.
const ftpMaxWriteOffset = 100 << 20
type sftpDriver struct {
permissions *ssh.Permissions
endpoint string
@ -269,6 +273,9 @@ func (w *writerAt) WriteAt(b []byte, offset int64) (n int, err error) {
n, err = w.w.Write(b)
w.nextOffset += int64(n)
} else {
if offset > w.nextOffset+ftpMaxWriteOffset {
return 0, fmt.Errorf("write offset %d is too far ahead of next offset %d", offset, w.nextOffset)
}
w.buffer[offset] = make([]byte, len(b))
copy(w.buffer[offset], b)
n = len(b)