From 57c4b6853f1b33ab55a630c5b0810ba667ba017a Mon Sep 17 00:00:00 2001
From: Mia Herkt
Date: Tue, 13 Dec 2022 23:41:12 +0100
Subject: [PATCH] Prevent unreasonably long MIME types
---
 fhost.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/fhost.py b/fhost.py
index faf6d03..c1fd7cc 100755
--- a/fhost.py
+++ b/fhost.py
@@ -227,6 +227,9 @@ class File(db.Model):
 if mime in app.config["FHOST_MIME_BLACKLIST"] or guess in app.config["FHOST_MIME_BLACKLIST"]:
 abort(415)
+ if len(mime) > 128:
+ abort(400)
+
 if mime.startswith("text/") and not "charset" in mime:
 mime += "; charset=utf-8"
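Review bot: The new `len(mime) > 128` guard runs before the `text/` branch appends `"; charset=utf-8"`, so the value that leaves this code can be up to 143 characters. If 128 is meant to match a storage or header limit (not visible in this hunk), the check should move after the append or the bound should allow for the suffix. The limit is also a bare literal; a named constant, or a comment such as `# cap the MIME string length before it is stored and served`, would tell the next reader why 128 was chosen. The guard bounds length only: where `mime` is assigned is outside the hunk, but if it can come from the request, it would be worth also checking that it has a plain `type/subtype` shape before it is used. The enclosing function starts and ends outside the hunk.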