author | Vladimir Shushlin <v.shushlin@gmail.com> | 2021-11-10 18:38:22 +0300 |
committer | Vladimir Shushlin <v.shushlin@gmail.com> | 2021-11-11 11:42:42 +0300 |
commit | bf9c79a5477b61f375be659e2e16f377067d9c00 (patch) | |
tree | fbd7c2ceece4af9fc87e45c43679a725015e7588 /internal/config | |
parent | aa897ce9849d35cd7ff1121351f1033e91d0c062 (diff) |
fix: reject requests with very long URIs
Some parts of the application may be vulnerable to very long URIs being passed.
E.g. Auth will try to save the URI to the session cookie, and that will fail, which results in a 500 error
Changelog: fixed
Diffstat (limited to 'internal/config')
-rw-r--r-- | internal/config/config.go | 4 | ||||
-rw-r--r-- | internal/config/flags.go | 1 |
2 files changed, 5 insertions, 0 deletions
diff --git a/internal/config/config.go b/internal/config/config.go
index 3e03f7d6..c6f91db0 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -47,6 +47,7 @@ type Config struct {
 type General struct {
 Domain string
 MaxConns int
+ MaxURILength int
 MetricsAddress string
 RedirectHTTP bool
 RootCertificate []byte
@@ -181,6 +182,7 @@ func loadConfig() (*Config, error) {
 General: General{
 Domain: strings.ToLower(*pagesDomain),
 MaxConns: *maxConns,
+ MaxURILength: *maxURILength,
 MetricsAddress: *metricsAddress,
 RedirectHTTP: *redirectHTTP,
 RootDir: *pagesRoot,
@@ -307,6 +309,8 @@ func LogConfig(config *Config) {
 "enable-disk": config.GitLab.EnableDisk,
 "auth-redirect-uri": config.Authentication.RedirectURI,
 "auth-scope": config.Authentication.Scope,
+ "max-conns": config.General.MaxConns,
+ "max-uri-length": config.General.MaxURILength,
 "zip-cache-expiration": config.Zip.ExpirationInterval,
 "zip-cache-cleanup": config.Zip.CleanupInterval,
 "zip-cache-refresh": config.Zip.RefreshInterval,
diff --git a/internal/config/flags.go b/internal/config/flags.go
index c61447c7..6c9bd4a6 100644
--- a/internal/config/flags.go
+++ b/internal/config/flags.go
@@ -51,6 +51,7 @@ var (
 redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
 authScope = flag.String("auth-scope", "api", "Scope to be used for authentication (must match GitLab Pages OAuth application settings)")
 maxConns = flag.Int("max-conns", 0, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners, 0 for no limit")
+ maxURILength = flag.Int("max-uri-length", 1024, "Limit the length of URI, 0 for unlimited.")
 insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
 tlsMinVersion = flag.String("tls-min-version", "tls1.2", tls.FlagUsage("min"))
 tlsMaxVersion = flag.String("tls-max-version", "", tls.FlagUsage("max")) |
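Review bot: `MaxURILength: *maxURILength` copies the flag value into the config with no range check, so a negative `-max-uri-length` is accepted even though only 0 is documented as "unlimited"; what a negative limit then does depends on the comparison in the enforcing code, which is not part of this diffstat (limited to internal/config). Rejecting it at load time keeps the contract explicit, e.g. `if *maxURILength < 0 { return nil, fmt.Errorf("max-uri-length must be >= 0, got %d", *maxURILength) }` placed where loadConfig validates its other inputs (import `fmt` if the file does not already). The new struct field in the first hunk would also benefit from a one-line comment fixing the unit and the zero convention, such as `MaxURILength int // max request URI length, presumably in bytes (confirm against the check); 0 disables the limit`. loadConfig starts and ends outside the hunk.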
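Review bot: The usage string for `max-uri-length` does not say what unit the limit is in or what it is measured against (the full request-URI including the query string, or only the path), and its phrasing differs from the neighbouring `max-conns` flag, which says "0 for no limit" with no trailing period. Assuming the check is a byte-length comparison on the request URI (the enforcement is outside this diffstat, so confirm), `"Limit on the length of the request URI in bytes, 0 for no limit"` would remove the ambiguity and match the sibling flags. Since the default is 1024 rather than 0, existing deployments pick up the limit on upgrade, so sites relying on longer query strings will have those requests rejected per the commit title; that is worth stating in the changelog entry and the flag documentation, along with the reason the description gives (the URI is stored in the session cookie, which has its own size ceiling). The enclosing `var (` block starts and ends outside the hunk.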