Reduce buffer size to avoid pathological parsing

[CVE-2018-16470] Revert "Merge pull request #1192 from jkowens/master" This reverts commit c43217a.
rack · Nov 5, 2018 · 37c1160 · 37c1160 · PikachuEXE · Nov 6, 2018
1 parent 99fea65
commit 37c1160
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/rack/multipart/parser.rb b/lib/rack/multipart/parser.rb
@@ -5,7 +5,7 @@ module Multipart
  class MultipartPartLimitError < Errno::EMFILE; end
 
  class Parser
- BUFSIZE = 1_048_576
+ BUFSIZE = 16384
  TEXT_PLAIN = "text/plain"
  TEMPFILE_FACTORY = lambda { |filename, content_type|
  Tempfile.new(["RackMultipart", ::File.extname(filename.gsub("\0".freeze, '%00'.freeze))])