fix: invalid conversion when using Content-Range in client

Fixes: https://github.com/distribution/distribution/security/code-scanning/34

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
This commit is contained in:
Milos Gajdos 2023-11-22 06:07:49 +00:00
parent 06505be5d5
commit f33e5a69da
No known key found for this signature in database

View file

@ -7,6 +7,7 @@ import (
"errors"
"fmt"
"io"
"math"
"net/http"
"regexp"
"strconv"
@ -240,6 +241,9 @@ func (hrs *HTTPReadSeeker) reader() (io.Reader, error) {
return nil, fmt.Errorf("range in Content-Range stops before the end of the content: %s", contentRange)
}
if size > math.MaxInt64 {
return nil, fmt.Errorf("Content-Range size: %d exceeds max allowed size", size)
}
hrs.size = int64(size)
}
} else if resp.StatusCode == http.StatusOK {