From 8f37f967e0fc677fa54c9beea988dc331e35718f Mon Sep 17 00:00:00 2001
From: Armon Dadgar <armon.dadgar@gmail.com>
Date: Tue, 6 May 2014 14:18:32 -0700
Subject: [PATCH] agent: Limit KV entries to 512KB. Fixes #123.

---
 command/agent/kvs_endpoint.go | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/command/agent/kvs_endpoint.go b/command/agent/kvs_endpoint.go
index 564707566a..c12d647dd5 100644
--- a/command/agent/kvs_endpoint.go
+++ b/command/agent/kvs_endpoint.go
@@ -2,6 +2,7 @@ package agent
 
 import (
 	"bytes"
+	"fmt"
 	"github.com/hashicorp/consul/consul/structs"
 	"io"
 	"net/http"
@@ -9,6 +10,13 @@ import (
 	"strings"
 )
 
+const (
+	// maxKVSize is used to limit the maximum payload length
+	// of a KV entry. If it exceeds this amount, the client is
+	// likely abusing the KV store.
+	maxKVSize = 512 * 1024
+)
+
 func (s *HTTPServer) KVSEndpoint(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
 	// Set default DC
 	args := structs.KeyRequest{}
@@ -144,6 +152,13 @@ func (s *HTTPServer) KVSPut(resp http.ResponseWriter, req *http.Request, args *s
 		applyReq.Op = structs.KVSCAS
 	}
 
+	// Check the content-length
+	if req.ContentLength > maxKVSize {
+		resp.WriteHeader(413)
+		resp.Write([]byte(fmt.Sprintf("Value exceeds %d byte limit", maxKVSize)))
+		return nil, nil
+	}
+
 	// Copy the value
 	buf := bytes.NewBuffer(nil)
 	if _, err := io.Copy(buf, req.Body); err != nil {