forked from TrueCloudLab/distribution
fix: invalid conversion when using Content-Range in client
Fixes: https://github.com/distribution/distribution/security/code-scanning/34 Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
This commit is contained in:
parent
06505be5d5
commit
f33e5a69da
1 changed files with 4 additions and 0 deletions
|
@ -7,6 +7,7 @@ import (
|
|||
"errors"
|
||||
"fmt"
|
||||
"io"
|
||||
"math"
|
||||
"net/http"
|
||||
"regexp"
|
||||
"strconv"
|
||||
|
@ -240,6 +241,9 @@ func (hrs *HTTPReadSeeker) reader() (io.Reader, error) {
|
|||
return nil, fmt.Errorf("range in Content-Range stops before the end of the content: %s", contentRange)
|
||||
}
|
||||
|
||||
if size > math.MaxInt64 {
|
||||
return nil, fmt.Errorf("Content-Range size: %d exceeds max allowed size", size)
|
||||
}
|
||||
hrs.size = int64(size)
|
||||
}
|
||||
} else if resp.StatusCode == http.StatusOK {
|
||||
|
|
Loading…
Reference in a new issue