psi-jack/0x0
1
0
Fork 0
mirror of https://git.0x0.st/mia/0x0.git synced 2024-11-09 11:48:59 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

store_url: only accept identity content encoding

Browse source 
Some servers (like IPFS gateways) will use chunked transfer encoding on
anything but identity content encoding. Also, probably fix a potential
zip bomb vulnerability.
This commit is contained in:
Martin Herkt 2017-10-30 05:36:03 +01:00
parent 04b46bd01a
commit b2d830e2aa
No known key found for this signature in database
GPG key ID: C24B9CD04DC6AE7F
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
fhost.py
View file

@ -234,7 +234,8 @@ def store_url(url, addr):
if is_fhost_url(url):
return segfault(508)
r = requests.get(url, stream=True, verify=False)
h = { "Accept-Encoding" : "identity" }
r = requests.get(url, stream=True, verify=False, headers=h)
try:
r.raise_for_status()