Limit OCSP answers to 1MB.

fixes #56
xenolf 2015-12-18 22:33:30 +01:00
parent 37153517a9
commit 7789bd2ffc


@ -14,6 +14,7 @@ import (
"encoding/pem"
"errors"
"fmt"
"io"
"io/ioutil"
"math/big"
"net/http"
@ -67,7 +68,7 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
}
defer resp.Body.Close()
issuerBytes, err := ioutil.ReadAll(resp.Body)
issuerBytes, err := ioutil.ReadAll(limitReader(resp.Body, 1024*1024))
if err != nil {
return nil, OCSPUnknown, err
}
@ -101,7 +102,7 @@ func GetOCSPForCert(bundle []byte) ([]byte, int, error) {
}
defer req.Body.Close()
ocspResBytes, err := ioutil.ReadAll(req.Body)
ocspResBytes, err := ioutil.ReadAll(limitReader(req.Body, 1024*1024))
ocspRes, err := ocsp.ParseResponse(ocspResBytes, issuerCert)
if err != nil {
return nil, OCSPUnknown, err
@ -312,3 +313,7 @@ func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain strin
return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
}
func limitReader(rd io.ReadCloser, numBytes int64) io.ReadCloser {
return http.MaxBytesReader(nil, rd, numBytes)
}
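Review bot: The error from ioutil.ReadAll on the new line of the second hunk (`ocspResBytes, err := ioutil.ReadAll(limitReader(req.Body, 1024*1024))`) is discarded, because `err` is immediately reassigned by `ocsp.ParseResponse` on the next line; since http.MaxBytesReader fails the read with an error rather than silently truncating, hitting the new 1MB cap hands a truncated buffer to the parser and the caller gets a parse error instead of the size-limit error. Add the same check the first hunk already has: `if err != nil {` / `return nil, OCSPUnknown, err` / `}` directly after the ReadAll. The twice-repeated `1024*1024` would read better as one named constant, e.g. `const maxOCSPBodyBytes = 1024 * 1024`, and `limitReader` deserves a doc comment such as `// limitReader caps rd at numBytes; reads past the cap return an error instead of truncating silently.` GetOCSPForCert's body begins and continues outside the visible hunks, so other reads of these bodies cannot be checked from here.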