From: =?UTF-8?q?Lo=C3=AFc=20Hoguin?= <essen@ninenines.eu>
Date: Wed, 13 Jan 2016 16:03:28 +0100
Subject: [PATCH] Limit sample ranges sent to the client
diff --git a/src/rabbit_mgmt_util.erl b/src/rabbit_mgmt_util.erl
index 07e1c45..dc35683 100644
--- a/src/rabbit_mgmt_util.erl
+++ b/src/rabbit_mgmt_util.erl
@@ -43,6 +43,8 @@
-define(FRAMING, rabbit_framing_amqp_0_9_1).
+-define(MAX_RANGE, 500).
+
%%--------------------------------------------------------------------
is_authorized(ReqData, Context) ->
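Review bot: `?MAX_RANGE` is defined without saying what it counts, and the name reads like a time span. From its use in range/3 in the next hunk it bounds `Age0 div Incr0`, which is the number of samples per requested range rather than a duration. A comment above the define would save readers the lookup, for example `%% Max samples (age div incr) served per range; caps per-request work.`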
@@ -566,7 +568,9 @@ range(Prefix, Round, ReqData) ->
Age0 = int(Prefix ++ "_age", ReqData),
Incr0 = int(Prefix ++ "_incr", ReqData),
if
- is_integer(Age0) andalso is_integer(Incr0) ->
+ is_integer(Age0) andalso is_integer(Incr0)
+ andalso (Age0 > 0) andalso (Incr0 > 0)
+ andalso ((Age0 div Incr0) =< ?MAX_RANGE) ->
Age = Age0 * 1000,
Incr = Incr0 * 1000,
Now = rabbit_mgmt_format:timestamp_ms(erlang:now()),
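Review bot: A request that fails the new bounds in the `if` guard of range/3 takes whatever clause follows, which lies outside this hunk, so an oversized or non-positive range is presumably dropped without the client being told why. It is worth confirming that this fall-through is the intended response and noting it next to the guard, e.g. `%% Out-of-bounds age/incr: handled as if no range was requested.` Because `div` truncates, any `Age0` up to `(?MAX_RANGE + 1) * Incr0 - 1` passes, so if both endpoints are sampled the reply can hold slightly more than `?MAX_RANGE` entries; either say so in the comment or compare `Age0 =< ?MAX_RANGE * Incr0` instead. The cap is applied per `Prefix`, so the total work for one request depends on how many prefixes the caller evaluates, which is not visible here.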