github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use limited reader for some ReadAll cases.

Browse Source 
Prevents a server from sending a large response causing containerd to
allocate too much RAM and potentially OOM.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This commit is contained in:
Brian Goff
2017-10-13 17:00:39 -04:00
parent c66fd83eae
commit 6eb56a2ec9
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
remotes/docker/schema1/converter.go
View File

@@ -26,6 +26,8 @@ import (
"github.com/pkg/errors"
)
const manifestSizeLimit = 8e6 // 8MB
var (
mediaTypeManifest = "application/vnd.docker.distribution.manifest.v1+json"
)
@@ -177,7 +179,7 @@ func (c *Converter) fetchManifest(ctx context.Context, desc ocispec.Descriptor)
return err
}
b, err := ioutil.ReadAll(rc)
b, err := ioutil.ReadAll(io.LimitReader(rc, manifestSizeLimit)) // limit to 8MB
rc.Close()
if err != nil {
return err