From: Mark Wooding
Date: Fri, 24 Jul 2015 17:46:40 +0000 (+0100)
Subject: lib/Odin.pm, mason/pastebin/dhandler: Apply a size limit on pastes.
X-Git-Url: https://git.distorted.org.uk/~mdw/odin-cgi/commitdiff_plain/fc8074b35d1b16d35726247fcc0dc86d59b83a3a

lib/Odin.pm, mason/pastebin/dhandler: Apply a size limit on pastes.
---
diff --git a/lib/Odin.pm b/lib/Odin.pm
index 551c51f..26a2f80 100644
--- a/lib/Odin.pm
+++ b/lib/Odin.pm
@@ -33,6 +33,8 @@ our @URLPAT = (
 qr{^https?://}
 );
+our $PASTEMAXLEN = 1024*1024;
+
 our %COOKIE_DEFAULTS = (
 -httponly => undef,
 -max_age => 3600
@@ -427,6 +429,8 @@ sub tidy_pastebin_content ($) {
 return undef unless defined $content;
 $content =~ tr/\r//d;
 $content =~ s/([^\n])\z/$1\n/;
+ length $content <= $PASTEMAXLEN or
+ fail "invalid paste content", ".badpaste";
 return $content;
 }
diff --git a/mason/pastebin/dhandler b/mason/pastebin/dhandler
index d798eef..8583981 100644
--- a/mason/pastebin/dhandler
+++ b/mason/pastebin/dhandler
@@ -76,6 +76,15 @@ tag ‘<% $tag %>’ not found
 %#
+<%def .badpaste>
+<&| SELF:error, status => 400 &>\
+invalid paste content
+
+<%args>
+ $tag
+
+
+%#
 <%def .badhash>
 <&| SELF:error, status => 403 &>\
 incorrect edit key
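Review bot: `$PASTEMAXLEN` is declared without a comment saying what unit the limit is in. The check added in tidy_pastebin_content compares it with `length $content`, which counts characters when the string has been decoded and bytes otherwise, so a paste at the limit may take more than 1 MiB of storage if the content is decoded UTF-8. I would add `# Maximum paste length as measured by length() after tidying (characters or bytes -- confirm which).` above the declaration.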
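Review bot: The size check sits at the end of tidy_pastebin_content, after the whole body has already been received and run through `tr/\r//d` and the `s///`. It therefore caps what is stored, but not how much the server reads into memory per request. If the front end is CGI.pm (not visible here), a request-level cap such as `$CGI::POST_MAX = $PASTEMAXLEN + 4096;`, set before the request is parsed, would bound that; the 4096 is a constructed allowance for the other form fields. The function's opening lines are outside the hunk, so whether `$content` is decoded text or raw bytes at this point cannot be confirmed from here.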
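Review bot: The new `.badpaste` component declares `$tag` in its `<%args>` block but never uses it, and the `fail "invalid paste content", ".badpaste"` call added in lib/Odin.pm passes no tag. If `fail` (not visible here) invokes the component with only the arguments it is given, the missing required argument would raise a Mason error instead of rendering the 400 page. Dropping the `<%args>` block, or giving the argument a default as in `$tag => undef`, avoids that. Separately, the text `invalid paste content` does not tell the user that the size limit was the cause, and status 413 would describe an over-size body more precisely than 400.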