store_url: only accept identity content encoding

Some servers (like IPFS gateways) will use chunked transfer encoding on
anything but identity content encoding. Also, probably fix a potential
zip bomb vulnerability.
This commit is contained in:
Martin Herkt 2017-10-30 05:36:03 +01:00
parent 04b46bd01a
commit b2d830e2aa
No known key found for this signature in database
GPG key ID: C24B9CD04DC6AE7F

View file

@ -234,7 +234,8 @@ def store_url(url, addr):
if is_fhost_url(url):
return segfault(508)
r = requests.get(url, stream=True, verify=False)
h = { "Accept-Encoding" : "identity" }
r = requests.get(url, stream=True, verify=False, headers=h)
try:
r.raise_for_status()