agent: Limit KV entries to 512KB. Fixes #123.

2025-01-22 11:40:06 +00:00 · 2014-05-06 14:18:32 -07:00 · 2014-05-06 14:18:32 -07:00 · 8f37f967e0
commit 8f37f967e0
parent 4a80e73df4
1 changed files with 15 additions and 0 deletions
--- a/command/agent/kvs_endpoint.go
+++ b/command/agent/kvs_endpoint.go
@ -2,6 +2,7 @@ package agent

 import (
 	"bytes"
+	"fmt"
 	"github.com/hashicorp/consul/consul/structs"
 	"io"
 	"net/http"
@ -9,6 +10,13 @@ import (
 	"strings"
 )

+const (
+	// maxKVSize is used to limit the maximum payload length
+	// of a KV entry. If it exceeds this amount, the client is
+	// likely abusing the KV store.
+	maxKVSize = 512 * 1024
+)
+
 func (s *HTTPServer) KVSEndpoint(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Set default DC
 	args := structs.KeyRequest{}
@ -144,6 +152,13 @@ func (s *HTTPServer) KVSPut(resp http.ResponseWriter, req *http.Request, args *s
 		applyReq.Op = structs.KVSCAS
 	}

+	// Check the content-length
+	if req.ContentLength > maxKVSize {
+		resp.WriteHeader(413)
+		resp.Write([]byte(fmt.Sprintf("Value exceeds %d byte limit", maxKVSize)))
+		return nil, nil
+	}
+
 	// Copy the value
 	buf := bytes.NewBuffer(nil)
 	if _, err := io.Copy(buf, req.Body); err != nil {