Fix attachment upload size check (#4282)

The min/max were reversed with the `add` and `sub` functions. This caused the files to always be out of bounds in the check. Fixes #4281
dani-garcia · Jan 28, 2024 · 0f39d96 · 0f39d96
1 parent edf7484
commit 0f39d96
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/api/core/ciphers.rs b/src/api/core/ciphers.rs
@@ -1123,12 +1123,12 @@ async fn save_attachment(
         // the client. Upstream allows +/- 1 MiB deviation from this
         // size, but it's not clear when or why this is needed.
         const LEEWAY: i64 = 1024 * 1024; // 1 MiB
-        let Some(min_size) = attachment.file_size.checked_add(LEEWAY) else {
-            err!("Invalid attachment size min")
-        };
-        let Some(max_size) = attachment.file_size.checked_sub(LEEWAY) else {
+        let Some(max_size) = attachment.file_size.checked_add(LEEWAY) else {
             err!("Invalid attachment size max")
         };
+        let Some(min_size) = attachment.file_size.checked_sub(LEEWAY) else {
+            err!("Invalid attachment size min")
+        };
 
         if min_size <= size && size <= max_size {
             if size != attachment.file_size {