From f57f7022a131c48954745e59ec12909200027796 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <me@drbonez.dev>
Date: Wed, 9 Feb 2022 13:48:38 -0700
Subject: [PATCH] limit icon size to 100K

---
 backend/src/s9pk/reader.rs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/backend/src/s9pk/reader.rs b/backend/src/s9pk/reader.rs
index bcf395549..af81811e8 100644
--- a/backend/src/s9pk/reader.rs
+++ b/backend/src/s9pk/reader.rs
@@ -136,6 +136,13 @@ impl<R: AsyncRead + AsyncSeek + Unpin> S9pkReader<InstallProgressTracker<R>> {
 impl<R: AsyncRead + AsyncSeek + Unpin> S9pkReader<R> {
     #[instrument(skip(self))]
     pub async fn validate(&mut self) -> Result<(), Error> {
+        if self.toc.icon.length > 102_400 {
+            // 100 KiB
+            return Err(Error::new(
+                eyre!("icon must be less than 100KiB"),
+                crate::ErrorKind::ValidateS9pk,
+            ));
+        }
         let image_tags = self.image_tags().await?;
         let man = self.manifest().await?;
         let validated_image_ids = image_tags