From 0333648e1779e026b0dc2329a94cbf2cfb2ba8bb Mon Sep 17 00:00:00 2001
From: dev <dev@d6811dac-2434-b64a-9ddc-f563ab233461>
Date: Mon, 11 Oct 2021 15:12:39 +0000
Subject: [PATCH] Prevent writing more data than expected

git-svn-id: file:///srv/svn/repo/marisa/trunk@4 d6811dac-2434-b64a-9ddc-f563ab233461
---
 partage.go | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)

diff --git a/partage.go b/partage.go
index 37e727b..9163b0e 100644
--- a/partage.go
+++ b/partage.go
@@ -32,35 +32,36 @@ func contenttype(f *os.File) string {
 	return mime
 }
 
-func writefile(f *os.File, s io.ReadCloser) int {
+func writefile(f *os.File, s io.ReadCloser) int64 {
 	buffer := make([]byte, 4096)
+	eof := false
+	sz := int64(0)
 
-	var sz int
+	defer f.Sync()
 
-	for {
+	for !eof {
 		n, err := s.Read(buffer)
-
-		if err == io.EOF {
-			n, err := f.Write(buffer[:n])
-			if err != nil {
-				fmt.Println(err)
-			}
-			sz += n
-			break
-		}
-		if err != nil {
+		if err != nil && err != io.EOF {
 			fmt.Println(err)
 			return -1
+		} else if err == io.EOF {
+			eof = true
 		}
 
-		n, err = f.Write(buffer[:n])
+		/* ensure we don't write more than expected */
+		r := int64(n)
+		if sz+r > conf.maxsize {
+			r = conf.maxsize - sz
+			eof = true
+		}
+
+		_, err = f.Write(buffer[:r])
 		if err != nil {
 			fmt.Println(err)
 		}
-		sz += n
+		sz += r
 	}
 
-	f.Sync()
 	return sz
 }
 
@@ -132,7 +133,7 @@ func parse(w http.ResponseWriter, r *http.Request) {
 		if r.URL.Path == "/" {
 			filename = "/index.html"
 		}
-		
+
 		f, err := os.Open(conf.rootdir + filename)
 		if err != nil {
 			w.WriteHeader(http.StatusNotFound)