[CalendarServer-changes] [3460] CalendarServer/trunk/twistedcaldav/method/put_common.py

source_changes at macosforge.org source_changes at macosforge.org
Thu Dec 4 14:01:10 PST 2008


Revision: 3460
          http://trac.macosforge.org/projects/calendarserver/changeset/3460
Author:   cdaboo at apple.com
Date:     2008-12-04 14:01:10 -0800 (Thu, 04 Dec 2008)
Log Message:
-----------
Do size check before doing any calendar data parsing.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/method/put_common.py

Modified: CalendarServer/trunk/twistedcaldav/method/put_common.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/method/put_common.py	2008-12-04 21:56:53 UTC (rev 3459)
+++ CalendarServer/trunk/twistedcaldav/method/put_common.py	2008-12-04 22:01:10 UTC (rev 3460)
@@ -287,6 +287,20 @@
                 log.err(message)
                 raise HTTPError(StatusResponse(responsecode.FORBIDDEN, "Resource name not allowed"))
 
+            # Valid data sizes - do before parsing the data
+            if self.source is not None:
+                # Valid content length check on the source resource
+                result, message = self.validContentLength()
+                if not result:
+                    log.err(message)
+                    raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
+            else:
+                # Valid calendar data size check
+                result, message = self.validSizeCheck()
+                if not result:
+                    log.err(message)
+                    raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
+
             if not self.sourcecal:
                 # Valid content type check on the source resource if its not in a calendar collection
                 if self.source is not None:
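Review bot: On the `self.source is not None` branch the only size gate is now `validContentLength()`, because the later `validSizeCheck()` call is removed in the next hunk, so a copy or move from a source resource no longer passes through `validSizeCheck()` at all. `validContentLength()` (added further down) compares against `config.MaximumAttachmentSize` while the error raised here is `max-resource-size`; `validSizeCheck()` is not visible in this diff, but if it enforces a different limit, a source above the calendar-resource limit would now be accepted. I would keep this cheap pre-parse check and still run `validSizeCheck()` after `self.calendar = self.source.iCalendar()` on the source path, or make the narrowing explicit with a comment such as `# source path: contentLength() vs MaximumAttachmentSize is the only size limit applied`. The two branches also repeat the same `log.err(message)` / `raise HTTPError(...)` pair and could share it. The enclosing method starts and ends outside the hunk.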
@@ -332,12 +346,6 @@
                 # would be better to copy the index entries from the source and add to the destination.
                 self.calendar = self.source.iCalendar()
 
-            # Valid calendar data size check
-            result, message = self.validSizeCheck()
-            if not result:
-                log.err(message)
-                raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "max-resource-size")))
-
             # Check access
             if self.destinationcal and config.EnablePrivateEvents:
                 result = (yield self.validAccess())
@@ -431,6 +439,20 @@
 
         return result, message
         
+    def validContentLength(self):
+        """
+        Make sure that the length of the source data is within bounds.
+        """
+        result = True
+        message = ""
+        if config.MaximumAttachmentSize:
+            calsize = self.source.contentLength()
+            if calsize is not None and calsize > config.MaximumAttachmentSize:
+                result = False
+                message = "File size %d bytes is larger than allowed limit %d bytes" % (calsize, config.MaximumAttachmentSize)
+
+        return result, message
+        
     def validCalendarDataCheck(self):
         """
         Check that the calendar data is valid iCalendar.
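Review bot: `validContentLength()` fails open when `self.source.contentLength()` returns `None`: the `calsize is not None and ...` test leaves `result = True`, so a source whose length is unknown skips the pre-parse limit, and the caller has no post-parse size check left for that path. If unknown lengths can occur for source resources, either reject them (`if calsize is None: return False, "Source content length is unknown"`) or at least log that the limit could not be applied. The docstring should also state that a falsy `config.MaximumAttachmentSize` disables the check and that the method returns a `(result, message)` pair.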