Documentation
¶
Index ¶
Constants ¶
View Source
const ( // MaxManifestBodySize is the maximum allowed size of a manifest. The limit // of 4 MB aligns with the one of a Docker registry: // https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/handlers/manifests.go#L30 MaxManifestBodySize = 4 * megaByte // MaxAuthTokenBodySize is the maximum allowed size of an auth token. // The limit of 1 MB is considered to be greatly sufficient. MaxAuthTokenBodySize = megaByte // MaxSignatureListBodySize is the maximum allowed size of a signature list. // The limit of 4 MB is considered to be greatly sufficient. MaxSignatureListBodySize = 4 * megaByte // MaxSignatureBodySize is the maximum allowed size of a signature. // The limit of 4 MB is considered to be greatly sufficient. MaxSignatureBodySize = 4 * megaByte // MaxErrorBodySize is the maximum allowed size of an error-response body. // The limit of 1 MB is considered to be greatly sufficient. MaxErrorBodySize = megaByte // MaxConfigBodySize is the maximum allowed size of a config blob. // The limit of 4 MB is considered to be greatly sufficient. MaxConfigBodySize = 4 * megaByte // MaxOpenShiftStatusBody is the maximum allowed size of an OpenShift status body. // The limit of 4 MB is considered to be greatly sufficient. MaxOpenShiftStatusBody = 4 * megaByte // MaxTarFileManifestSize is the maximum allowed size of a (docker save)-like manifest (which may contain multiple images) // The limit of 1 MB is considered to be greatly sufficient. MaxTarFileManifestSize = megaByte )
All constants below are intended to be used as limits for `ReadAtMost`. The immediate use-case for limiting the size of in-memory copied data is to protect against OOM DOS attacks as described inCVE-2020-1702. Instead of copying data until running out of memory, we error out after hitting the specified limit.
Variables ¶
This section is empty.
Functions ¶
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.