authorAnton Tananaev <anton@traccar.org>2024-04-04 08:39:22 -0700
committerAnton Tananaev <anton@traccar.org>2024-04-04 08:39:22 -0700
commite001c629d89e75fae1b13f69fb71517b134f3e09 (patch)
treec0ca0be4a933a56914ecf5cd995d9c2e0ecda374 /src/main/java/org/traccar/api/resource
parentb099b298f90074c825ba68ce73532933c7b9d901 (diff)
downloadtrackermap-server-e001c629d89e75fae1b13f69fb71517b134f3e09.tar.gz
trackermap-server-e001c629d89e75fae1b13f69fb71517b134f3e09.tar.bz2
trackermap-server-e001c629d89e75fae1b13f69fb71517b134f3e09.zip
Limit image file size
Diffstat (limited to 'src/main/java/org/traccar/api/resource')
-rw-r--r--src/main/java/org/traccar/api/resource/DeviceResource.java15
1 files changed, 14 insertions, 1 deletions
diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java
index 2edb0d16d..56253152f 100644
--- a/src/main/java/org/traccar/api/resource/DeviceResource.java
+++ b/src/main/java/org/traccar/api/resource/DeviceResource.java
@@ -62,6 +62,9 @@ import java.util.List;
@Consumes(MediaType.APPLICATION_JSON)
public class DeviceResource extends BaseObjectResource<Device> {
+ private static final int DEFAULT_BUFFER_SIZE = 8192;
+ private static final int IMAGE_SIZE_LIMIT = 500000;
+
@Inject
private Config config;
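Review bot: `IMAGE_SIZE_LIMIT` carries no unit and is hard-coded, although an injected `Config` sits directly below it. The loop in the second hunk compares it with a running count of bytes read, so a comment such as `// maximum accepted device image size, in bytes` would document that. Operators who need a different cap would have to rebuild; reading the value from configuration with 500000 as the default would avoid that. The class body continues outside this hunk.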
@@ -206,7 +209,17 @@ public class DeviceResource extends BaseObjectResource<Device> {
String extension = imageExtension(type);
try (var input = new FileInputStream(file);
var output = mediaManager.createFileStream(device.getUniqueId(), name, extension)) {
- input.transferTo(output);
+
+ long transferred = 0;
+ byte[] buffer = new byte[DEFAULT_BUFFER_SIZE];
+ int read;
+ while ((read = input.read(buffer, 0, buffer.length)) >= 0) {
+ output.write(buffer, 0, read);
+ transferred += read;
+ if (transferred > IMAGE_SIZE_LIMIT) {
+ throw new IllegalArgumentException("Image size limit exceeded");
+ }
+ }
}
return Response.ok(name + "." + extension).build();
}
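Review bot: The limit is tested only after `output.write(buffer, 0, read)`, so when the exception is thrown the stream from `mediaManager.createFileStream(...)` already holds up to IMAGE_SIZE_LIMIT plus one buffer of data, and nothing in the hunk removes that partial file. Because `file` is already a `File` on disk at this point, its size is known before any output is opened; a guard ahead of the try, `if (file.length() > IMAGE_SIZE_LIMIT) { throw new IllegalArgumentException("Image size limit exceeded"); }`, would reject an oversized upload without touching stored media. If the target name is reused between uploads (not visible here), the current order could also leave a truncated file in place of a previously valid image. The enclosing method starts outside the hunk, so how the request body is spooled into `file` and how `IllegalArgumentException` maps to an HTTP status should be confirmed there; as written the cap bounds the stored copy, not the request body itself.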