author | David Kupka <dkupka@redhat.com> | 2015-08-26 14:11:21 +0200 |
---|---|---|
committer | Petr Vobornik <pvoborni@redhat.com> | 2015-08-26 16:11:42 +0200 |
commit | 02ab34c60b5e624ef0653a473316633a5618b07c (patch) | |
tree | 5cb9d8847a41bb8a9bcdb6a30ec64f313a88b483 /ipalib | |
parent | 9b0a01930bcefda1f37d7de147fed0856c28296f (diff) | |
vault: Limit size of data stored in vault
https://fedorahosted.org/freeipa/ticket/5231
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'ipalib')
-rw-r--r-- | ipalib/plugins/vault.py | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/ipalib/plugins/vault.py b/ipalib/plugins/vault.py
index d06b63d68..ff6c22c64 100644
--- a/ipalib/plugins/vault.py
+++ b/ipalib/plugins/vault.py
@@ -236,6 +236,7 @@ def validated_read(argname, filename, mode='r', encoding=None):
 register = Registry()
+MAX_VAULT_DATA_SIZE = 2**20 # = 1 MB
 vault_options = (
 Str(
@@ -1232,10 +1233,28 @@ class vault_archive(PKQuery, Local):
 raise errors.MutuallyExclusiveError(
 reason=_('Input data specified multiple times'))
+ elif data:
+ if len(data) > MAX_VAULT_DATA_SIZE:
+ raise errors.ValidationError(name="data", error=_(
+ "Size of data exceeds the limit. Current vault data size "
+ "limit is %(limit)d B")
+ % {'limit': MAX_VAULT_DATA_SIZE})
+ elif input_file:
+ try:
+ stat = os.stat(input_file)
+ except OSError as exc:
+ raise errors.ValidationError(name="in", error=_(
+ "Cannot read file '%(filename)s': %(exc)s")
+ % {'filename': input_file, 'exc': exc[1]})
+ if stat.st_size > MAX_VAULT_DATA_SIZE:
+ raise errors.ValidationError(name="in", error=_(
+ "Size of data exceeds the limit. Current vault data size "
+ "limit is %(limit)d B")
+ % {'limit': MAX_VAULT_DATA_SIZE})
 data = validated_read('in', input_file, mode='rb')
- elif not data:
+ else:
 data = ''
 if self.api.env.in_server: |
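Review bot: In the second hunk, the size limit for the `in` file is checked against `os.stat()` before `validated_read()` opens the file, so it does not bind what is actually read. The file can grow or be replaced between the two calls, and non-regular files such as pipes typically report `st_size` as 0 and would pass the check. Keeping the stat as a cheap pre-check is reasonable, but the limit should be checked again with `len(data)` after the read, as sketched below. Separately, `exc[1]` relies on Python 2 exception indexing; `exc.strerror` yields the same message portably. The enclosing method starts and ends outside the hunk, and whether the server enforces the same limit is not visible here.

```python
            # … unchanged: os.stat() pre-check and its error handling …
            data = validated_read('in', input_file, mode='rb')
            # stat() is advisory only; enforce the limit on the bytes actually read
            if len(data) > MAX_VAULT_DATA_SIZE:
                raise errors.ValidationError(name="in", error=_(
                    "Size of data exceeds the limit. Current vault data size "
                    "limit is %(limit)d B")
                    % {'limit': MAX_VAULT_DATA_SIZE})
```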