Reject absurdly long duration strings (fix #4175)

author: Matthew Holt <[email protected]> 2022-09-15 14:25:29 -0600
committer: Matthew Holt <[email protected]> 2022-09-15 14:25:29 -0600
commit: f1f7a2267460c5ed456153a4a04d864fb7865c56 (patch)
tree: 1efbf317c63ad7e354d2ba5d142e61ec93a7893f /caddy.go
parent: 49b7a252641639b25c6578b3682c8e441ba8a451 (diff)
download: caddy-f1f7a2267460c5ed456153a4a04d864fb7865c56.tar.gz
caddy-f1f7a2267460c5ed456153a4a04d864fb7865c56.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/caddy.go b/caddy.go
index 26c149b9b..9595c96c2 100644
--- a/caddy.go
+++ b/caddy.go
@@ -763,8 +763,12 @@ func (d *Duration) UnmarshalJSON(b []byte) error {
 
 // ParseDuration parses a duration string, adding
 // support for the "d" unit meaning number of days,
-// where a day is assumed to be 24h.
+// where a day is assumed to be 24h. The maximum
+// input string length is 1024.
 func ParseDuration(s string) (time.Duration, error) {
+	if len(s) > 1024 {
+		return 0, fmt.Errorf("parsing duration: input string too long")
+	}
 	var inNumber bool
 	var numStart int
 	for i := 0; i < len(s); i++ {
author	Matthew Holt <[email protected]>	2022-09-15 14:25:29 -0600
committer	Matthew Holt <[email protected]>	2022-09-15 14:25:29 -0600
commit	f1f7a2267460c5ed456153a4a04d864fb7865c56 (patch)
tree	1efbf317c63ad7e354d2ba5d142e61ec93a7893f /caddy.go
parent	49b7a252641639b25c6578b3682c8e441ba8a451 (diff)
download	caddy-f1f7a2267460c5ed456153a4a04d864fb7865c56.tar.gz caddy-f1f7a2267460c5ed456153a4a04d864fb7865c56.zip