alexvanin/distribution
1
0
Fork 0
forked from TrueCloudLab/distribution
Code Pull requests Activity

fix: invalid conversion when using Content-Range in client

Browse source 
Fixes: https://github.com/distribution/distribution/security/code-scanning/34

Signed-off-by: Milos Gajdos <milosthegajdos@gmail.com>
This commit is contained in:
Milos Gajdos 2023-11-22 06:07:49 +00:00
parent 06505be5d5
commit f33e5a69da
No known key found for this signature in database
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
internal/client/transport/http_reader.go
View file

@ -7,6 +7,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"io" "io"
"math"
"net/http" "net/http"
"regexp" "regexp"
"strconv" "strconv"
@ -240,6 +241,9 @@ func (hrs *HTTPReadSeeker) reader() (io.Reader, error) {
return nil, fmt.Errorf("range in Content-Range stops before the end of the content: %s", contentRange) return nil, fmt.Errorf("range in Content-Range stops before the end of the content: %s", contentRange)
} }
if size > math.MaxInt64 {
return nil, fmt.Errorf("Content-Range size: %d exceeds max allowed size", size)
}
hrs.size = int64(size) hrs.size = int64(size)
} }
} else if resp.StatusCode == http.StatusOK { } else if resp.StatusCode == http.StatusOK {