From 8dd890c2000a3e3c729622541dee0286d51c90a8 Mon Sep 17 00:00:00 2001
From: tastytea <tastytea@tastytea.de>
Date: Mon, 29 Jun 2020 22:41:42 +0200
Subject: [PATCH] Add size limit for files.

---
 src/cgi.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/cgi.cpp b/src/cgi.cpp
index c8091f0..0e57a02 100644
--- a/src/cgi.cpp
+++ b/src/cgi.cpp
@@ -58,6 +58,11 @@ entry_type parse_formdata()
         const auto screenshot = cgi.getFile("screenshot");
         if (screenshot != cgi.getFiles().end())
         {
+            constexpr size_t size_limit{1024 * 1024 * 2}; // 2 MiB.
+            if (screenshot->getDataLength() > size_limit)
+            {
+                throw runtime_error{"Filesize too big"};
+            }
             string filepath{fs::temp_directory_path()
                             / "fediblock-backend-XXXXXX"};
             if (mkstemp(&filepath[0]) == -1) // mkstemp() modifies filepath.
@@ -82,7 +87,7 @@ entry_type parse_formdata()
     catch (const exception &e)
     {
         cerr << e.what() << '\n';
-        // TODO: Error handling.
+        // TODO: Make errors visible to the user in a helpful way.
     }
 
     return entry;