From 46a27855bca7f42197a58a7d202650515831f11f Mon Sep 17 00:00:00 2001 From: Kunal Jaiswal Date: Sun, 5 Jul 2026 17:59:54 +0530 Subject: [PATCH] fix: add pre-read guard to limitedReader to prevent state contamination When limitedReader is reused via sync.Pool, the read counter (r.read) may retain a stale value if Reset is not called or is called after a partial read. Add a strict pre-read guard that rejects immediately if r.read already exceeds LimitBytes, preventing delegation to the underlying reader with a contaminated counter. Closes #1 --- middleware/body_limit.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/middleware/body_limit.go b/middleware/body_limit.go index 4f1963e18..9efdf8365 100644 --- a/middleware/body_limit.go +++ b/middleware/body_limit.go @@ -80,8 +80,11 @@ func (config BodyLimitConfig) ToMiddleware() (echo.MiddlewareFunc, error) { }, nil } -func (r *limitedReader) Read(b []byte) (n int, err error) { - n, err = r.reader.Read(b) +func (r *limitedReader) Read(p []byte) (n int, err error) { + if r.read > r.LimitBytes { + return 0, echo.ErrStatusRequestEntityTooLarge + } + n, err = r.reader.Read(p) r.read += int64(n) if r.read > r.LimitBytes { return n, echo.ErrStatusRequestEntityTooLarge