vw_small

Hardened fork of Vaultwarden (https://github.com/dani-garcia/vaultwarden) with fewer features.
git clone https://git.philomathiclife.com/repos/vw_small
Log | Files | Refs | README
commit 25454697130a2bcbb76f7f29cdf8d1d382de96c7
parent f09996a21d8dec277e994edaa79fcca1a9890d27
Author: Daniel GarcĂ­a <dani-garcia@users.noreply.github.com>
Date:   Thu, 19 Dec 2019 00:37:16 +0100

Fix crash when page URL points to huge file

Diffstat:

Msrc/api/icons.rs | 8++++++--


Msrc/util.rs | 27+++++++++++++++++++++++++++


2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/api/icons.rs b/src/api/icons.rs
@@ -213,7 +213,7 @@ fn get_icon_url(domain: &str) -> Result<(Vec<Icon>, String), Error> {
     let mut cookie_str = String::new();
 
     let resp = get_page(&ssldomain).or_else(|_| get_page(&httpdomain));
-    if let Ok(content) = resp {
+    if let Ok(mut content) = resp {
         // Extract the URL from the respose in case redirects occured (like @ gitlab.com)
         let url = content.url().clone();
 
@@ -233,7 +233,11 @@ fn get_icon_url(domain: &str) -> Result<(Vec<Icon>, String), Error> {
         // Add the default favicon.ico to the list with the domain the content responded from.
         iconlist.push(Icon::new(35, url.join("/favicon.ico").unwrap().into_string()));
 
-        let soup = Soup::from_reader(content)?;
+        // 512KB should be more than enough for the HTML, though as we only really need
+        // the HTML header, it could potentially be reduced even further
+        let limited_reader = crate::util::LimitedReader::new(&mut content, 512 * 1024);
+
+        let soup = Soup::from_reader(limited_reader)?;
         // Search for and filter
         let favicons = soup
             .tag("link")
diff --git a/src/util.rs b/src/util.rs
@@ -216,6 +216,33 @@ pub fn delete_file(path: &str) -> IOResult<()> {
     res
 }
 
+pub struct LimitedReader<'a> {
+    reader: &'a mut dyn std::io::Read,
+    limit: usize, // In bytes
+    count: usize,
+}
+impl<'a> LimitedReader<'a> {
+    pub fn new(reader: &'a mut dyn std::io::Read, limit: usize) -> LimitedReader<'a> {
+        LimitedReader {
+            reader,
+            limit,
+            count: 0,
+        }
+    }
+}
+
+impl<'a> std::io::Read for LimitedReader<'a> {
+    fn read(&mut self, buf: &mut [u8]) -> std::io::Result<usize> {
+        self.count += buf.len();
+
+        if self.count > self.limit {
+            Ok(0) // End of the read
+        } else {
+            self.reader.read(buf)
+        }
+    }
+}
+
 const UNITS: [&str; 6] = ["bytes", "KB", "MB", "GB", "TB", "PB"];
 
 pub fn get_display_size(size: i32) -> String {