github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-10 19:14:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden ACP prompt size guardrails

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-19 15:40:46 +01:00
parent ebcf19746f
commit 63e39d7f57
5 changed files with 89 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/acp/event-mapper.ts
View File

@@ -27,7 +27,8 @@ export function extractTextFromPrompt(prompt: ContentBlock[], maxBytes?: number)
if (blockText !== undefined) {
// Guard: reject before allocating the full concatenated string
if (maxBytes !== undefined) {
totalBytes += Buffer.byteLength(blockText, "utf-8");
const separatorBytes = parts.length > 0 ? 1 : 0; // "\n" added by join() between blocks
totalBytes += separatorBytes + Buffer.byteLength(blockText, "utf-8");
if (totalBytes > maxBytes) {
throw new Error(`Prompt exceeds maximum allowed size of ${maxBytes} bytes`);
}