feat: added decompression bomb protection
Ice3man543 committed May 2, 2024
1 parent 1e40ad2 commit afabdf4
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion http/normalization.go
@@ -38,8 +38,10 @@ func readNNormalizeRespBody(rc *ResponseChain, body *bytes.Buffer) (err error) {
if err != nil {
wrapped = origBody
}
limitReader := io.LimitReader(wrapped, 2*MaxBodyRead)

// read response body to buffer
_, err = body.ReadFrom(wrapped)
_, err = body.ReadFrom(limitReader)
if err != nil {
if strings.Contains(err.Error(), "gzip: invalid header") {
// its invalid gzip but we will still use it from original body
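Review bot: The cap added with `io.LimitReader(wrapped, 2*MaxBodyRead)` truncates silently: once the limit is reached the reader reports EOF, `body.ReadFrom(limitReader)` returns a nil error, and the byte count is discarded with `_`, so the code after the read cannot tell a complete body from one cut off at the cap. Consider keeping the count that ReadFrom returns and comparing it with the limit (allowing one byte past the cap makes an overflow unambiguous), so that truncation can be flagged or logged instead of being treated as a full response. The factor of two is also unexplained; a comment such as `// cap decoded body at 2*MaxBodyRead to bound decompression bombs; longer bodies are truncated` would record the intent. The `gzip: invalid header` fallback continues outside the hunk; if it reads from origBody directly, that path may not be covered by the new limit and is worth checking.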