internal/helm: check size of meta files in package

Signed-off-by: Hidde Beydals <hello@hidde.co>
2021-11-23 09:33:04 +01:00 · 2021-11-23 09:33:04 +01:00 · ee1cb49b0c
parent 87c7c80e0a
commit ee1cb49b0c
1 changed files with 3 additions and 0 deletions
--- a/internal/helm/chart/metadata.go
+++ b/internal/helm/chart/metadata.go
@ -228,6 +228,9 @@ func LoadChartMetadataFromArchive(archive string) (*helmchart.Metadata, error) {

 		switch parts[1] {
 		case chartutil.ChartfileName, "requirements.yaml":
+			if hd.Size > helm.MaxChartFileSize {
+				return nil, fmt.Errorf("size of '%s' exceeds '%d' bytes limit", hd.Name, helm.MaxChartFileSize)
+			}
 			b, err := io.ReadAll(tr)
 			if err != nil {
 				return nil, err