Added parameters for max filesize for local files and allowed local media path

Author: cchadowitz

common/arg.cpp

@@ -3281,6 +3281,20 @@ common_params_context common_params_parser_init(common_params & params, llama_ex
             params.port = value;
         }
     ).set_examples({LLAMA_EXAMPLE_SERVER}).set_env("LLAMA_ARG_PORT"));
+    add_opt(common_arg(
+        {"--allowed-local-media-path"}, "PATH",
+        string_format("path from which local media files are allowed to be read from (default: none)"),
+        [](common_params & params, const std::string & value) {
+            params.allowed_local_media_path = value;
+        }
+    ).set_examples({LLAMA_EXAMPLE_SERVER}).set_env("LLAMA_ARG_ALLOWED_LOCAL_MEDIA_PATH"));
+    add_opt(common_arg(
+        {"--local-media-max-size-mb"}, "N",
+        string_format("max size in mb for local media files (default: %d)", 15), // 15MB
+        [](common_params & params, int value) {
+            params.local_media_max_size_mb = value;
+        }
+    ).set_examples({LLAMA_EXAMPLE_SERVER}).set_env("LLAMA_ARG_LOCAL_MEDIA_MAX_SIZE_MB"));
     add_opt(common_arg(
         {"--path"}, "PATH",
         string_format("path to serve static files from (default: %s)", params.public_path.c_str()),

common/common.h

@@ -427,9 +427,11 @@ struct common_params {
     int32_t n_cache_reuse     = 0;            // min chunk size to reuse from the cache via KV shifting
     int32_t n_ctx_checkpoints = 8;            // max number of context checkpoints per slot
     int32_t cache_ram_mib     = 8192;         // -1 = no limit, 0 - disable, 1 = 1 MiB, etc.
+    int32_t local_media_max_size_mb = 15; // max size of loaded local media files
 
     std::string hostname      = "127.0.0.1";
     std::string public_path   = "";                                                                         // NOLINT
+    std::string allowed_local_media_path = "";                                                              // NOLINT
     std::string api_prefix    = "";                                                                         // NOLINT
     std::string chat_template = "";                                                                         // NOLINT
     bool use_jinja = false;                                                                                 // NOLINT

tools/server/server.cpp

@@ -2585,6 +2585,8 @@ struct server_context {
             /* allow_image           */ mctx ? mtmd_support_vision(mctx) : false,
             /* allow_audio           */ mctx ? mtmd_support_audio (mctx) : false,
             /* enable_thinking       */ enable_thinking,
+	    /* local_media_max_size_mb */ params_base.local_media_max_size_mb,
+	    /* allowed_local_media_path */ params_base.allowed_local_media_path,
         };
     }
 

tools/server/utils.hpp

@@ -528,6 +528,8 @@ struct oaicompat_parser_options {
     bool allow_image;
     bool allow_audio;
     bool enable_thinking = true;
+    int32_t local_media_max_size_mb;
+    std::string allowed_local_media_path;
 };
 
 // used by /chat/completions endpoint
@@ -637,17 +639,31 @@ static json oaicompat_chat_params_parse(
                     }
 
                 } else if (string_starts_with(url, "file://")) {
-		    // Strip off the leading "file://"
-		    std::string fname = url.substr(7);
-		    // load local file path
-		    raw_buffer buf;
+                    // Strip off the leading "file://"
+                    std::string fname = url.substr(7);
+                    std::vector<std::string> fparts = string_split<std::string>(fname, std::filesystem::path::preferred_separator);
+                    for (const auto &piece : fparts) {
+                        if (piece != "" && !fs_validate_filename(piece)) {
+                            throw std::runtime_error("Invalid filename piece '" + piece + "': " + fname);
+                        }
+                    }
+                    // Check allowed local media path - fs_validate_filename already validated that there is no ".." or "."
+                    if (opt.allowed_local_media_path == "" || !string_starts_with(fname, opt.allowed_local_media_path)) {
+                        throw std::runtime_error("File path not allowed");
+                    }
+                    // load local file path
+                    raw_buffer buf;
                     FILE * f = fopen(fname.c_str(), "rb");
                     if (!f) {
                         LOG_ERR("Unable to open file %s: %s\n", fname.c_str(), strerror(errno));
                         throw std::runtime_error("Unable to open image file");
                     }
                     fseek(f, 0, SEEK_END);
                     long file_size = ftell(f);
+                    if (file_size > opt.local_media_max_size_mb * 1024 * 1024) {
+                        fclose(f);
+                        throw std::runtime_error("Local file exceeds maximum allowed size");
+                    }
                     fseek(f, 0, SEEK_SET);
                     buf.resize(file_size);
                     size_t n_read = fread(buf.data(), 1, file_size, f);
@@ -656,9 +672,9 @@ static json oaicompat_chat_params_parse(
                         LOG_ERR("Failed to read entire file %s", fname.c_str());
                         throw std::runtime_error("Failed to read entire image file");
                     }
-		    out_files.push_back(buf);
+                    out_files.push_back(buf);
 
-		} else {
+                } else {
                     // try to decode base64 image
                     std::vector<std::string> parts = string_split<std::string>(url, /*separator*/ ',');
                     if (parts.size() != 2) {