Limit OCSP answers to 1MB.

fixes #56
xenolf 2015-12-18 22:33:30 +01:00
parent 37153517a9
commit 7789bd2ffc


@ -14,6 +14,7 @@ import (
"encoding/pem" "encoding/pem"
"errors" "errors"
"fmt" "fmt"
"io"
"io/ioutil" "io/ioutil"
"math/big" "math/big"
"net/http" "net/http"
@ -67,7 +68,7 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
} }
defer resp.Body.Close() defer resp.Body.Close()
issuerBytes, err := ioutil.ReadAll(resp.Body) issuerBytes, err := ioutil.ReadAll(limitReader(resp.Body, 1024*1024))
if err != nil { if err != nil {
return nil, OCSPUnknown, err return nil, OCSPUnknown, err
} }
@ -100,8 +101,8 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
return nil, OCSPUnknown, err return nil, OCSPUnknown, err
} }
defer req.Body.Close() defer req.Body.Close()
ocspResBytes, err := ioutil.ReadAll(req.Body) ocspResBytes, err := ioutil.ReadAll(limitReader(req.Body, 1024*1024))
ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert) ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert)
if err != nil { if err != nil {
return nil, OCSPUnknown, err return nil, OCSPUnknown, err
@ -312,3 +313,7 @@ func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain strin
return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey) return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
} }
func limitReader(rd io.ReadCloser, numBytes int64) io.ReadCloser {
return http.MaxBytesReader(nil, rd, numBytes)
}
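Review bot: The error returned by `ioutil.ReadAll(limitReader(req.Body, 1024*1024))` in the third hunk is never checked — the next line immediately reassigns `err` from `ocsp.ParseResponse`, so when a responder exceeds the new 1 MB cap the limiter's error is discarded and the truncated bytes are handed to the parser anyway, meaning the cap only "works" by the DER decoder happening to reject a cut-off response. Add `if err != nil { return nil, OCSPUnknown, err }` between those two lines, mirroring the check the issuer fetch in the second hunk already performs. Separately, `http.MaxBytesReader` is a server-side helper: calling it with a nil `ResponseWriter` appears safe (the writer is only used via a type assertion), but its error text reads "http: request body too large", which is misleading for a client reading a response body; `io.LimitReader` plus an explicit size check, or wrapping the error with OCSP-responder context, would be clearer to callers. The `1024*1024` literal is also repeated at both call sites and would be better as a single named constant such as `const maxOCSPResponseSize = 1 << 20`. GetOCSPForCert's body starts and continues outside the visible hunks.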