Every time Clack handles a request, it reads the entire request body and puts it into a byte vector. As far as I can tell from the source and the documentation, there is no way to prevent the :raw-body-buffer from being created. If the request is an attempt to upload a very large file, allocating memory for the :raw-body-buffer will exhaust the heap and crash the Lisp image.
Therefore, you cannot use Clack to accept large file uploads. In fact, you can't accept any file uploads at all, even if your expected use-case will only require small files. If you allow any file uploads, then an attacker can deliberately upload a large file in order to DOS your server.
It should be possible to control whether the :raw-body-buffer gets created, and if not, then it should still be possible to access the data that would have gone into it.
Every time Clack handles a request, it reads the entire request body and puts it into a byte vector. As far as I can tell from the source and the documentation, there is no way to prevent the
:raw-body-buffer
from being created. If the request is an attempt to upload a very large file, allocating memory for the:raw-body-buffer
will exhaust the heap and crash the Lisp image.Therefore, you cannot use Clack to accept large file uploads. In fact, you can't accept any file uploads at all, even if your expected use-case will only require small files. If you allow any file uploads, then an attacker can deliberately upload a large file in order to DOS your server.
It should be possible to control whether the
:raw-body-buffer
gets created, and if not, then it should still be possible to access the data that would have gone into it.