fix: limit the number of bytes read from an HTTP response
favonia committed Nov 4, 2023
1 parent 9f456ff commit 359803c
Showing 5 changed files with 12 additions and 8 deletions.
7 changes: 2 additions & 5 deletions internal/config/network_probe.go
@@ -2,7 +2,6 @@ package config

import (
"context"
"io"
"net/http"
"time"

@@ -24,10 +23,8 @@ func ProbeURL(ctx context.Context, url string) bool {
if err != nil {
return false
}
defer resp.Body.Close()

_, err = io.ReadAll(resp.Body)
return err == nil
err = resp.Body.Close()
return err != nil
}

// ShouldWeUse1001 quickly checks 1.1.1.1 and 1.0.0.1 and notes whether 1.0.0.1 should be used.
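Review bot: The new return in ProbeURL looks inverted: after `err = resp.Body.Close()` it returns `err != nil`, so a probe that connected and closed cleanly reports false and only a failed Close reports true (this assumes the last two changed lines are the new side, which is consistent with the removed `io` import). The replaced code returned `err == nil`; the fix is `return err == nil`, or calling `resp.Body.Close()` and then `return true` if a Close error should not fail the probe. Judging by the comment on ShouldWeUse1001 just below, the result presumably feeds the choice between 1.1.1.1 and 1.0.0.1, so the inversion would likely flip that choice. ProbeURL starts above the hunk, so the request setup is not visible here.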
3 changes: 3 additions & 0 deletions internal/monitor/base.go
@@ -9,6 +9,9 @@ import (

//go:generate mockgen -typed -destination=../mocks/mock_monitor.go -package=mocks . Monitor

// maxReadLength is the maximum number of bytes read from an HTTP response.
const maxReadLength int64 = 102400

// Monitor is a dead man's switch, meaning that the user will be notified when the updater fails to
// detect and update the public IP address. No notifications for IP changes.
type Monitor interface {
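Review bot: `maxReadLength` is declared here and again, with the same value, in internal/provider/protocol/httpcore.go, so the two response-size caps can drift apart if only one of them is edited later. Consider a single definition in an internal package that both import, or at least a cross-reference in each doc comment. The literal would also be easier to audit with its unit visible, for example `const maxReadLength int64 = 100 * 1024 // 100 KiB`.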
2 changes: 1 addition & 1 deletion internal/monitor/healthchecks.go
@@ -130,7 +130,7 @@ func (h *Healthchecks) ping(ctx context.Context, ppfmt pp.PP, endpoint string, m
return false
}
defer resp.Body.Close()
body, err := io.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxReadLength))
if err != nil {
ppfmt.Warningf(pp.EmojiError,
"Failed to read HTTP(S) response from the %s endpoint of Healthchecks: %v",
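Review bot: `io.LimitReader` stops silently at `maxReadLength`: `io.ReadAll` then returns a nil error and a truncated `body`, so an oversized response is handled as if it were complete. If that case should be reported, read one byte past the cap with `io.ReadAll(io.LimitReader(resp.Body, maxReadLength+1))` and treat `int64(len(body)) > maxReadLength` as a failure with its own warning. The same pattern is added to getIP in internal/provider/protocol/httpcore.go. The ping method starts and ends outside this hunk, so how `body` is used afterwards is not visible.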
3 changes: 2 additions & 1 deletion internal/monitor/uptimekuma.go
@@ -3,6 +3,7 @@ package monitor
import (
"context"
"encoding/json"
"io"
"net/http"
"net/url"
"slices"
@@ -135,7 +136,7 @@ func (h *UptimeKuma) ping(ctx context.Context, ppfmt pp.PP, param UptimeKumaRequ
defer resp.Body.Close()

var parsedResp UptimeKumaResponse
if err = json.NewDecoder(resp.Body).Decode(&parsedResp); err != nil {
if err = json.NewDecoder(io.LimitReader(resp.Body, maxReadLength)).Decode(&parsedResp); err != nil {
ppfmt.Warningf(pp.EmojiError, "Failed to parse the response from Uptime Kuma: %v", err)
return false
}
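Review bot: When a response exceeds `maxReadLength`, the decoder sees a truncated stream and will most likely fail with an unexpected-EOF error, which the warning on the next line reports as a parse failure with no hint that the size cap was hit. That fails closed, which is the safe direction, but a short comment above the Decode call would save the next reader a debugging session, for example `// Responses longer than maxReadLength are truncated and therefore fail to decode.` The ping method continues outside this hunk.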
5 changes: 4 additions & 1 deletion internal/provider/protocol/httpcore.go
@@ -10,6 +10,9 @@ import (
"github.com/favonia/cloudflare-ddns/internal/pp"
)

// maxReadLength is the maximum number of bytes read from an HTTP response.
const maxReadLength int64 = 102400

type httpCore struct {
url string
method string
@@ -41,7 +44,7 @@ func (h *httpCore) getIP(ctx context.Context, ppfmt pp.PP) (netip.Addr, bool) {
}
defer resp.Body.Close()

body, err := io.ReadAll(resp.Body)
body, err := io.ReadAll(io.LimitReader(resp.Body, maxReadLength))
if err != nil {
ppfmt.Warningf(pp.EmojiError, "Failed to read HTTP(S) response from %q: %v", h.url, err)
return invalidIP, false
