From 2f3db01c2fda3e5c0531e4d743c32e3e55865744 Mon Sep 17 00:00:00 2001 From: Sarah Jamie Lewis Date: Fri, 4 Feb 2022 12:48:39 -0800 Subject: [PATCH] Restrict Downloads to Max Sizes (for both default and image / profile previews) --- go.mod | 2 +- go.sum | 4 ++-- lib.go | 4 +++- utils/eventHandler.go | 4 ++-- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 532f122..230b838 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module git.openprivacy.ca/cwtch.im/libcwtch-go go 1.15 require ( - cwtch.im/cwtch v0.14.19 + cwtch.im/cwtch v0.15.0 git.openprivacy.ca/cwtch.im/server v1.4.2 git.openprivacy.ca/openprivacy/connectivity v1.8.1 git.openprivacy.ca/openprivacy/log v1.0.3 diff --git a/go.sum b/go.sum index 00a61f8..5894d50 100644 --- a/go.sum +++ b/go.sum @@ -11,8 +11,8 @@ cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqCl cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cwtch.im/cwtch v0.14.9/go.mod h1:/fLuoYLY/7JHw6RojFojpd245CiOcU24QpWqzh9FRDI= -cwtch.im/cwtch v0.14.19 h1:Vg2OyUkSpYecrOU2M3mLF/PDyUZZSxk8HG55uimja58= -cwtch.im/cwtch v0.14.19/go.mod h1:lG9e5RUib+SbX2XsjWtHKJWz9geoIglSAq55LrCm8Io= +cwtch.im/cwtch v0.15.0 h1:pKuuOqqynblr9ska+c37Kblat9l/0jhCDZN4YBr2Cj0= +cwtch.im/cwtch v0.15.0/go.mod h1:lG9e5RUib+SbX2XsjWtHKJWz9geoIglSAq55LrCm8Io= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= filippo.io/edwards25519 v1.0.0-rc.1 h1:m0VOOB23frXZvAOK44usCgLWvtsxIoMCTBGJZlpmGfU= filippo.io/edwards25519 v1.0.0-rc.1/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns= diff --git a/lib.go b/lib.go index a28bfba..25e0390 100644 --- a/lib.go +++ b/lib.go @@ -8,6 +8,7 @@ import "C" import ( "crypto/rand" + "cwtch.im/cwtch/protocol/files" "encoding/json" "fmt" "io/ioutil" @@ -771,7 +772,8 @@ func DownloadFile(profileOnion string, conversationID int, filepath, manifestpat if err != nil { log.Errorf("file sharing error: %v", err) } else { - fh.DownloadFile(profile, conversationID, filepath, manifestpath, filekey) + // default to max 10 GB limit... + fh.DownloadFile(profile, conversationID, filepath, manifestpath, filekey, files.MaxManifestSize*files.DefaultChunkSize) } } diff --git a/utils/eventHandler.go b/utils/eventHandler.go index f74679b..db634cd 100644 --- a/utils/eventHandler.go +++ b/utils/eventHandler.go @@ -457,7 +457,7 @@ func (eh *EventHandler) handleProfileEvent(ev *EventProfileEnvelope) string { ev.Event.Data[event.FileDownloadFinished] = constants.True } else { ev.Event.Data[event.FileDownloadFinished] = constants.False - fsf.DownloadFile(profile, conversation.ID, fp, mp, val) + fsf.DownloadFile(profile, conversation.ID, fp, mp, val, constants.ImagePreviewMaxSizeInBytes) } } else { return "" @@ -569,7 +569,7 @@ func handleImagePreviews(profile peer.CwtchPeer, ev *event.Event, conversationID ev.Data["Auto"] = constants.True mID, _ := strconv.Atoi(ev.Data["Index"]) profile.UpdateMessageAttribute(conversationID, 0, mID, constants.AttrDownloaded, constants.True) - fh.DownloadFile(profile, senderID, fp, mp, fm.FileKey()) + fh.DownloadFile(profile, senderID, fp, mp, fm.FileKey(), constants.ImagePreviewMaxSizeInBytes) } } }