ftp_syslog('info', "Beginning upload processing run.");
#
-# -- Filename validation patterns
+# -- Filename validation patterns and limits
#
# Directives use POSIX-style filenames, regardless of what platform we are
# a trailing slash is not allowed
my $RE_filename_relative = qr[$RE_filename_here(?:/$RE_filename_here)*];
+# limit on the length of a filename that will be processed
+use constant MAX_FILE_NAME_LEN => 100;
+
+# limits on the sizes of directive and signature files that will be processed
+use constant MAX_DIRECTIVE_SIZE => 50*1024; # 50 KiB
+use constant MAX_SIGNATURE_SIZE => 50*1024; # 50 KiB
+
#
# -- Configuration sanity check
#
my $ent = $1;
# Don't look at files with really long names, either.
- next if length ($ent) > 100;
+ next if length ($ent) > MAX_FILE_NAME_LEN;
ftp_syslog('debug', "DEBUG: "
."uploaded file to check: $ent") if DEBUG;
$possible{$ent} = 1;
."to $incoming_tmp/$base failed: $!",0);
}
delete $possible{$base};
- } elsif ((-f $directive) && ((-s $directive) >= 50*1024)) {
+ } elsif ((-f $directive) && ((-s $directive) >= MAX_DIRECTIVE_SIZE)) {
rename ("$incoming_dir/$directive", "$incoming_dir/.$directive");
ftp_syslog('info', "directive file ($directive) larger than 50KB");
fatal("The directive file $directive is larger than 50KB. "
."This can not be correct, ignoring upload.",0);
- } elsif ((-f $sig) && ((-s $sig) >= 50*1024)) {
+ } elsif ((-f $sig) && ((-s $sig) >= MAX_SIGNATURE_SIZE)) {
rename ("$incoming_dir/$sig", "$incoming_dir/.$sig");
ftp_syslog('info', "signature file ($sig) larger than 50KB");
fatal("The signature file $sig is larger than 50KB. "
projects / gatekeeper.git / commitdiff