authorMathijs van Veluw <[email protected]>2024-01-28 23:32:09 +0100
committerGitHub <[email protected]>2024-01-28 23:32:09 +0100
commit0f39d965188588ca7f44c24e18802e8b7ff05879 (patch)
tree6ab2e996605081b7f2095af1dca45b7eed735400
parentedf7484a70942de387d59c5d5cf849f24180ba66 (diff)
Fix attachment upload size check (#4282)
The min and max bounds were computed with the `add` and `sub` functions reversed, so every uploaded file fell outside the bounds in the size check. Fixes #4281
-rw-r--r--src/api/core/ciphers.rs8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
index 3aa4f9d7..b3dca3b6 100644
--- a/src/api/core/ciphers.rs
+++ b/src/api/core/ciphers.rs
@@ -1123,12 +1123,12 @@ async fn save_attachment(
// the client. Upstream allows +/- 1 MiB deviation from this
// size, but it's not clear when or why this is needed.
const LEEWAY: i64 = 1024 * 1024; // 1 MiB
- let Some(min_size) = attachment.file_size.checked_add(LEEWAY) else {
- err!("Invalid attachment size min")
- };
- let Some(max_size) = attachment.file_size.checked_sub(LEEWAY) else {
+ let Some(max_size) = attachment.file_size.checked_add(LEEWAY) else {
err!("Invalid attachment size max")
};
+ let Some(min_size) = attachment.file_size.checked_sub(LEEWAY) else {
+ err!("Invalid attachment size min")
+ };
if min_size <= size && size <= max_size {
if size != attachment.file_size {