diff options
author | Anton Tananaev <anton@traccar.org> | 2024-04-04 08:39:22 -0700 |
---|---|---|
committer | Anton Tananaev <anton@traccar.org> | 2024-04-04 08:39:22 -0700 |
commit | e001c629d89e75fae1b13f69fb71517b134f3e09 (patch) | |
tree | c0ca0be4a933a56914ecf5cd995d9c2e0ecda374 /src/main/java/org/traccar/api | |
parent | b099b298f90074c825ba68ce73532933c7b9d901 (diff) | |
download | trackermap-server-e001c629d89e75fae1b13f69fb71517b134f3e09.tar.gz trackermap-server-e001c629d89e75fae1b13f69fb71517b134f3e09.tar.bz2 trackermap-server-e001c629d89e75fae1b13f69fb71517b134f3e09.zip |
Limit image file size
Diffstat (limited to 'src/main/java/org/traccar/api')
-rw-r--r-- | src/main/java/org/traccar/api/resource/DeviceResource.java | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/main/java/org/traccar/api/resource/DeviceResource.java b/src/main/java/org/traccar/api/resource/DeviceResource.java index 2edb0d16d..56253152f 100644 --- a/src/main/java/org/traccar/api/resource/DeviceResource.java +++ b/src/main/java/org/traccar/api/resource/DeviceResource.java @@ -62,6 +62,9 @@ import java.util.List; @Consumes(MediaType.APPLICATION_JSON) public class DeviceResource extends BaseObjectResource<Device> { + private static final int DEFAULT_BUFFER_SIZE = 8192; + private static final int IMAGE_SIZE_LIMIT = 500000; + @Inject private Config config; @@ -206,7 +209,17 @@ public class DeviceResource extends BaseObjectResource<Device> { String extension = imageExtension(type); try (var input = new FileInputStream(file); var output = mediaManager.createFileStream(device.getUniqueId(), name, extension)) { - input.transferTo(output); + + long transferred = 0; + byte[] buffer = new byte[DEFAULT_BUFFER_SIZE]; + int read; + while ((read = input.read(buffer, 0, buffer.length)) >= 0) { + output.write(buffer, 0, read); + transferred += read; + if (transferred > IMAGE_SIZE_LIMIT) { + throw new IllegalArgumentException("Image size limit exceeded"); + } + } } return Response.ok(name + "." + extension).build(); } |