vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

server: validate labels size to avoid dos

Browse source 
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
This commit is contained in:
Antonio Murdaca 2017-11-11 12:00:48 +01:00
parent befd719812
commit 33f699bad4
No known key found for this signature in database
GPG key ID: B2BEAD150DE936B9
3 changed files with 22 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
server/utils.go
View file

@ -18,6 +18,8 @@ const (
// According to http://man7.org/linux/man-pages/man5/resolv.conf.5.html:
// "The search list is currently limited to six domains with a total of 256 characters."
maxDNSSearches = 6
maxLabelSize = 4096
)
func copyFile(src, dest string) error {
@ -196,3 +198,15 @@ func recordError(operation string, err error) {
metrics.CRIOOperationsErrors.WithLabelValues(operation).Inc()
}
}
func validateLabels(labels map[string]string) error {
for k, v := range labels {
if (len(k) + len(v)) > maxLabelSize {
if len(k) > 10 {
k = k[:10]
}
return fmt.Errorf("label key and value greater than maximum size (%d bytes), key: %s", maxLabelSize, k)
}
}
return nil
}