Be more defensive with the response body:

Moving the response body copy to after the content length check and only coping the resp.Contentlegnth should give us more defense against malicious actors. Signed-off-by: Jacob Weinstock <[email protected]>
bmc-toolbox · Sep 13, 2023 · 61c88e3 · 61c88e3
1 parent 6440d17
commit 61c88e3
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/providers/rpc/rpc.go b/providers/rpc/rpc.go
@@ -333,15 +333,15 @@ func (p *Provider) process(ctx context.Context, rp RequestPayload) (ResponsePayl
 		return ResponsePayload{}, err
 	}
 	defer resp.Body.Close()
-	respBuf := new(bytes.Buffer)
-	if _, err := io.Copy(respBuf, resp.Body); err != nil {
-		return ResponsePayload{}, fmt.Errorf("failed to read response body: %w", err)
-	}
 
 	// handle the response
 	if resp.ContentLength > maxContentLenAllowed || resp.ContentLength < 0 {
 		return ResponsePayload{}, fmt.Errorf("response body is too large: %d bytes, max allowed: %d bytes", resp.ContentLength, maxContentLenAllowed)
 	}
+	respBuf := new(bytes.Buffer)
+	if _, err := io.CopyN(respBuf, resp.Body, resp.ContentLength); err != nil {
+		return ResponsePayload{}, fmt.Errorf("failed to read response body: %w", err)
+	}
 	respPayload, err := p.handleResponse(resp.StatusCode, resp.Header, respBuf, kvs)
 	if err != nil {
 		return ResponsePayload{}, err