From 61c88e399b285848d86b7b8a45f01c65243bcb23 Mon Sep 17 00:00:00 2001
From: Jacob Weinstock <jakobweinstock@gmail.com>
Date: Tue, 12 Sep 2023 21:42:39 -0600
Subject: [PATCH] Be more defensive with the response body:

Moving the response body copy to after the
content length check and only coping the
resp.Contentlegnth should give us more
defense against malicious actors.

Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
---
 providers/rpc/rpc.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/providers/rpc/rpc.go b/providers/rpc/rpc.go
index 396c48ff..4651caaa 100644
--- a/providers/rpc/rpc.go
+++ b/providers/rpc/rpc.go
@@ -333,15 +333,15 @@ func (p *Provider) process(ctx context.Context, rp RequestPayload) (ResponsePayl
 		return ResponsePayload{}, err
 	}
 	defer resp.Body.Close()
-	respBuf := new(bytes.Buffer)
-	if _, err := io.Copy(respBuf, resp.Body); err != nil {
-		return ResponsePayload{}, fmt.Errorf("failed to read response body: %w", err)
-	}
 
 	// handle the response
 	if resp.ContentLength > maxContentLenAllowed || resp.ContentLength < 0 {
 		return ResponsePayload{}, fmt.Errorf("response body is too large: %d bytes, max allowed: %d bytes", resp.ContentLength, maxContentLenAllowed)
 	}
+	respBuf := new(bytes.Buffer)
+	if _, err := io.CopyN(respBuf, resp.Body, resp.ContentLength); err != nil {
+		return ResponsePayload{}, fmt.Errorf("failed to read response body: %w", err)
+	}
 	respPayload, err := p.handleResponse(resp.StatusCode, resp.Header, respBuf, kvs)
 	if err != nil {
 		return ResponsePayload{}, err