[Backport 7.x] Throw if the content length is too big (#1361)

Co-authored-by: Tomas Della Vedova <delvedor@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
2020-11-24 09:49:07 +01:00
committed by GitHub
parent d32c8bca81
commit 92f31d467c
2 changed files with 77 additions and 1 deletions

View File

@ -22,6 +22,7 @@
const debug = require('debug')('elasticsearch')
const os = require('os')
const { gzip, unzip, createGzip } = require('zlib')
const buffer = require('buffer')
const ms = require('ms')
const {
ConnectionError,
@ -35,6 +36,8 @@ const noop = () => {}
const clientVersion = require('../package.json').version
const userAgent = `elasticsearch-js/${clientVersion} (${os.platform()} ${os.release()}-${os.arch()}; Node.js ${process.version})`
const MAX_BUFFER_LENGTH = buffer.constants.MAX_LENGTH
const MAX_STRING_LENGTH = buffer.constants.MAX_STRING_LENGTH
class Transport {
constructor (opts) {
@ -218,6 +221,22 @@ class Transport {
const contentEncoding = (result.headers['content-encoding'] || '').toLowerCase()
const isCompressed = contentEncoding.indexOf('gzip') > -1 || contentEncoding.indexOf('deflate') > -1
/* istanbul ignore else */
if (result.headers['content-length'] !== undefined) {
const contentLength = Number(result.headers['content-length'])
if (isCompressed && contentLength > MAX_BUFFER_LENGTH) {
response.destroy()
return onConnectionError(
new RequestAbortedError(`The content length (${contentLength}) is bigger than the maximum allowed buffer (${MAX_BUFFER_LENGTH})`, result)
)
} else if (contentLength > MAX_STRING_LENGTH) {
response.destroy()
return onConnectionError(
new RequestAbortedError(`The content length (${contentLength}) is bigger than the maximum allowed string (${MAX_STRING_LENGTH})`, result)
)
}
}
// if the response is compressed, we must handle it
// as buffer for allowing decompression later
let payload = isCompressed ? [] : ''