Merge pull request ethereum#1370 from maticnetwork/mardizzone/fixes

marcello33 · web-flow · commit 70f3205cd9a4 · 2024-10-31T23:10:04.000+01:00
Limit bytes during response body read
diff --git a/consensus/bor/heimdall/client.go b/consensus/bor/heimdall/client.go
@@ -31,9 +31,10 @@ var (
 )
 
 const (
-	stateFetchLimit    = 50
-	apiHeimdallTimeout = 5 * time.Second
-	retryCall          = 5 * time.Second
+	heimdallAPIBodyLimit = 128 * 1024 * 1024 // 128 MB
+	stateFetchLimit      = 50
+	apiHeimdallTimeout   = 5 * time.Second
+	retryCall            = 5 * time.Second
 )
 
 type StateSyncEventsResponse struct {
@@ -455,8 +456,11 @@ func internalFetch(ctx context.Context, client http.Client, u *url.URL) ([]byte,
 		return nil, nil
 	}
 
+	// Limit the number of bytes read from the response body
+	limitedBody := http.MaxBytesReader(nil, res.Body, heimdallAPIBodyLimit)
+
 	// get response
-	body, err := io.ReadAll(res.Body)
+	body, err := io.ReadAll(limitedBody)
 	if err != nil {
 		return nil, err
 	}

Original file line number	Diff line number	Diff line change
`@@ -31,9 +31,10 @@ var (`
`31`	`31`	`)`
`32`	`32`
`33`	`33`	`const (`
`34`		`- stateFetchLimit = 50`
`35`		`- apiHeimdallTimeout = 5 * time.Second`
`36`		`- retryCall = 5 * time.Second`
	`34`	`+ heimdallAPIBodyLimit = 128 * 1024 * 1024 // 128 MB`
	`35`	`+ stateFetchLimit = 50`
	`36`	`+ apiHeimdallTimeout = 5 * time.Second`
	`37`	`+ retryCall = 5 * time.Second`
`37`	`38`	`)`
`38`	`39`
`39`	`40`	`type StateSyncEventsResponse struct {`
`@@ -455,8 +456,11 @@ func internalFetch(ctx context.Context, client http.Client, u *url.URL) ([]byte,`
`455`	`456`	`return nil, nil`
`456`	`457`	`}`
`457`	`458`
	`459`	`+ // Limit the number of bytes read from the response body`
	`460`	`+ limitedBody := http.MaxBytesReader(nil, res.Body, heimdallAPIBodyLimit)`
	`461`	`+`
`458`	`462`	`// get response`
`459`		`- body, err := io.ReadAll(res.Body)`
	`463`	`+ body, err := io.ReadAll(limitedBody)`
`460`	`464`	`if err != nil {`
`461`	`465`	`return nil, err`
`462`	`466`	`}`