Wrap zstd decompressor with `io.LimitReader` (256MB max) to prevent decompression bombs.

Co-authored-by: clawbot <clawbot@openclaw>
Co-authored-by: Jeffrey Paul <sneak@noreply.example.org>
Reviewed-on: #29
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
12 lines
290 B
Go
```go
package mfer

const (
	Version     = "0.1.0"
	ReleaseDate = "2025-12-17"

	// MaxDecompressedSize is the maximum allowed size of decompressed manifest
	// data (256 MB). This prevents decompression bombs from consuming excessive
	// memory.
	MaxDecompressedSize int64 = 256 * 1024 * 1024
)
```
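An added example, not code from this repository: a bounded decompression read that goes one step past plain `io.LimitReader` use by reading `limit+1` bytes, so oversized input is rejected instead of silently truncated. It assumes `compress/gzip` as a standard-library stand-in for the zstd decoder; `readBounded`, `ErrTooLarge` and `compress` are hypothetical names.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// MaxDecompressedSize mirrors the constant in the file above (256 MB).
const MaxDecompressedSize int64 = 256 * 1024 * 1024

// ErrTooLarge is a hypothetical sentinel error for oversized output.
var ErrTooLarge = errors.New("decompressed data exceeds limit")

// readBounded never buffers more than limit+1 bytes. io.LimitReader reports a
// clean EOF at its cap, so the extra byte is what reveals an oversized stream.
func readBounded(src io.Reader, limit int64) ([]byte, error) {
	zr, err := gzip.NewReader(src) // assumption: gzip stands in for zstd
	if err != nil {
		return nil, err
	}
	defer zr.Close()
	data, err := io.ReadAll(io.LimitReader(zr, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrTooLarge
	}
	return data, nil
}

// compress builds constructed sample input: n zero bytes, gzip-compressed.
func compress(n int) []byte {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write(make([]byte, n))
	zw.Close()
	return buf.Bytes()
}

func main() {
	bomb := compress(1 << 20) // 1 MiB of zeros in a very small stream
	_, err := readBounded(bytes.NewReader(bomb), 64<<10)
	fmt.Println(len(bomb), err)
	ok, err := readBounded(bytes.NewReader(compress(1024)), MaxDecompressedSize)
	fmt.Println(len(ok), err)
}
```

Without the `limit+1` check, a caller receives exactly `limit` bytes and no error, which is indistinguishable from a complete read.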