From b1b4603b15b34d8629861bb771c306eea2e1b5ff Mon Sep 17 00:00:00 2001
From: Lukas Schulte Pelkum <kbrt@protonmail.com>
Date: Sun, 23 May 2021 20:46:21 +0200
Subject: [PATCH] Add length cap to hastebin endpoint as well

---
 internal/web/controllers/v1/hastebin_support.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/web/controllers/v1/hastebin_support.go b/internal/web/controllers/v1/hastebin_support.go
index 1fc76bc..e5c8283 100644
--- a/internal/web/controllers/v1/hastebin_support.go
+++ b/internal/web/controllers/v1/hastebin_support.go
@@ -13,6 +13,14 @@ import (
 
 // HastebinSupportHandler handles the legacy hastebin requests
 func HastebinSupportHandler(ctx *fasthttp.RequestCtx) {
+	// Check content length before reading body into memory
+	if config.Current.LengthCap > 0 &&
+		ctx.Request.Header.ContentLength() > config.Current.LengthCap {
+		ctx.SetStatusCode(fasthttp.StatusBadRequest)
+		ctx.SetBodyString("request body length overflow")
+		return
+	}
+
 	// Define the paste content
 	var content string
 	switch string(ctx.Request.Header.ContentType()) {