Read max 6MB from archive to protect against tar/zipbombs

2017-07-12 12:28:03 +02:00 · 2017-07-12 12:28:03 +02:00 · 2777c4c537
parent e525ea2431
commit 2777c4c537
1 changed files with 1 additions and 1 deletions
--- a/plugins/FilePack/FilePackPlugin.py
+++ b/plugins/FilePack/FilePackPlugin.py
@ -66,7 +66,7 @@ class UiRequestPlugin(object):
        return super(UiRequestPlugin, self).actionSiteMedia(path, **kwargs)

    def streamFile(self, file):
-        while 1:
+        for i in range(100):  # Read max 6MB
            try:
                block = file.read(60 * 1024)
                if block: