internal/sessions: error if session too large

Bobby DeSimone 2019-07-06 11:34:49 -07:00
parent 10a1d2fd7e
commit 63043dec9c
No known key found for this signature in database
GPG key ID: AEE4CF12FE86D07E
4 changed files with 53 additions and 3 deletions


@ -11,6 +11,8 @@ import (
"github.com/pomerium/pomerium/internal/cryptutil"
)
const MaxCookieSize = 4096
var (
// ErrLifetimeExpired is an error for the lifetime deadline expiring
ErrLifetimeExpired = errors.New("user lifetime expired")
@ -87,7 +89,14 @@ func isExpired(t time.Time) bool {
// MarshalSession marshals the session state as JSON, encrypts the JSON using the
// given cipher, and base64-encodes the result
func MarshalSession(s *SessionState, c cryptutil.Cipher) (string, error) {
return c.Marshal(s)
v, err := c.Marshal(s)
if err != nil {
return "", err
}
if len(v) >= MaxCookieSize {
return "", fmt.Errorf("session too large, got %d bytes", len(v))
}
return v, nil
}
// UnmarshalSession takes the marshaled string, base64-decodes into a byte slice, decrypts the
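Review bot: The new size check in MarshalSession measures only the encoded value (`len(v) >= MaxCookieSize`), but the roughly 4096-byte per-cookie limit that browsers apply covers the name, value and attributes together. A value just under the constant can therefore still be discarded by the browser with no server-side error, and the user is left without a session. Leaving headroom would close that gap, for example `if len(v) > MaxCookieSize-cookieOverhead {`, where `cookieOverhead` is a hypothetical constant sized to the cookie name and attributes this package sets (not visible in this hunk). The exported constant also has no doc comment; `// MaxCookieSize is the upper bound, in bytes, on an encoded session cookie.` would record what is being measured. A sentinel error alongside `ErrLifetimeExpired` instead of the ad hoc `fmt.Errorf` would let callers tell an oversized session apart from a cipher failure.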