Skip to content

Commit

Permalink
limit the allowed size for the response body
Browse files Browse the repository at this point in the history
this prevent to load in memory potential large responses
  • Loading branch information
drakkan committed Apr 25, 2023
1 parent 3003d48 commit e9ecd12
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 14 deletions.
6 changes: 3 additions & 3 deletions oidc/jwks.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (
"crypto/rsa"
"errors"
"fmt"
"io/ioutil"
"io"
"net/http"
"sync"
"time"
Expand Down Expand Up @@ -230,13 +230,13 @@ func (r *RemoteKeySet) updateKeys() ([]jose.JSONWebKey, error) {
}
defer resp.Body.Close()

body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxRespBodySize))
if err != nil {
return nil, fmt.Errorf("unable to read response body: %v", err)
}

if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("oidc: get keys failed: %s %s", resp.Status, body)
return nil, fmt.Errorf("oidc: get keys failed: %s %s", resp.Status, body[:getMaxLogSizeForBody(body)])
}

var keySet jose.JSONWebKeySet
Expand Down
25 changes: 16 additions & 9 deletions oidc/oidc.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"errors"
"fmt"
"hash"
"io/ioutil"
"io"
"mime"
"net/http"
"strings"
Expand All @@ -35,6 +35,10 @@ const (
ScopeOfflineAccess = "offline_access"
)

const (
maxRespBodySize = 262144
)

var (
errNoAtHash = errors.New("id token did not have an access token hash")
errInvalidAtHash = errors.New("access token hash does not match value in ID token")
Expand Down Expand Up @@ -210,17 +214,13 @@ func NewProvider(ctx context.Context, issuer string) (*Provider, error) {
}
defer resp.Body.Close()

body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxRespBodySize))
if err != nil {
return nil, fmt.Errorf("unable to read response body: %v", err)
}

if resp.StatusCode != http.StatusOK {
maxBodySize := len(body)
if maxBodySize > 2048 {
maxBodySize = 2048
}
return nil, fmt.Errorf("%s: %s", resp.Status, body[:maxBodySize])
return nil, fmt.Errorf("%s: %s", resp.Status, body[:getMaxLogSizeForBody(body)])
}

var p providerJSON
Expand Down Expand Up @@ -335,12 +335,12 @@ func (p *Provider) UserInfo(ctx context.Context, tokenSource oauth2.TokenSource)
return nil, err
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxRespBodySize))
if err != nil {
return nil, err
}
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("%s: %s", resp.Status, body)
return nil, fmt.Errorf("%s: %s", resp.Status, body[:getMaxLogSizeForBody(body)])
}

ct := resp.Header.Get("Content-Type")
Expand Down Expand Up @@ -548,3 +548,10 @@ func unmarshalResp(r *http.Response, body []byte, v interface{}) error {
}
return fmt.Errorf("expected Content-Type = application/json, got %q: %v", ct, err)
}

func getMaxLogSizeForBody(body []byte) int {
if len(body) > 2048 {
return 2048
}
return len(body)
}
4 changes: 2 additions & 2 deletions oidc/verify.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (
"encoding/json"
"errors"
"fmt"
"io/ioutil"
"io"
"net/http"
"strings"
"time"
Expand Down Expand Up @@ -182,7 +182,7 @@ func resolveDistributedClaim(ctx context.Context, verifier *IDTokenVerifier, src
}
defer resp.Body.Close()

body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, 262144))
if err != nil {
return nil, fmt.Errorf("unable to read response body: %v", err)
}
Expand Down

0 comments on commit e9ecd12

Please sign in to comment.