Add limits to HTTP requests

dnscrypt-proxy/common.go

@@ -21,6 +21,10 @@ const (
 	ClientMagicLen = 8
 )
 
+const (
+	MaxHTTPBodyLength = 4000000
+)
+
 var (
 	CertMagic              = [4]byte{0x44, 0x4e, 0x53, 0x43}
 	ServerMagic            = [8]byte{0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38}

dnscrypt-proxy/proxy.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"io"
 	"io/ioutil"
 	"math/rand"
 	"net"
@@ -282,7 +283,7 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
 			if err != nil {
 				return
 			}
-			response, err = ioutil.ReadAll(resp.Body)
+			response, err = ioutil.ReadAll(io.LimitReader(resp.Body, int64(MaxDNSPacketSize)))
 			if err != nil {
 				return
 			}

dnscrypt-proxy/serversInfo.go

@@ -5,6 +5,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"math/rand"
 	"net"
@@ -253,7 +254,7 @@ func (serversInfo *ServersInfo) fetchDoHServerInfo(proxy *Proxy, name string, st
 	if !found && len(stamp.hashes) > 0 {
 		return ServerInfo{}, fmt.Errorf("Certificate hash [%x] not found for [%s]", wantedHash, name)
 	}
-	respBody, err := ioutil.ReadAll(resp.Body)
+	respBody, err := ioutil.ReadAll(io.LimitReader(resp.Body, MaxHTTPBodyLength))
 	if err != nil {
 		return ServerInfo{}, err
 	}

dnscrypt-proxy/sources.go

@@ -4,6 +4,7 @@ import (
 	"encoding/csv"
 	"errors"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
@@ -90,7 +91,7 @@ func fetchWithCache(xTransport *XTransport, urlStr string, cacheFile string) (in
 		return
 	}
 	var bin []byte
-	bin, err = ioutil.ReadAll(resp.Body)
+	bin, err = ioutil.ReadAll(io.LimitReader(resp.Body, MaxHTTPBodyLength))
 	resp.Body.Close()
 	if err != nil {
 		return