Fix missing bounds check in MCP handlers

hughdbrown · hughdbrown · commit 40b8ae6e70d0 · 2026-02-04T14:42:41.000-07:00
The getAttachment and exportAttachment MCP handlers had att.Size (database metadata) available but never checked it against
  maxAttachmentSize before calling readAttachmentFile. This meant:
  - Unnecessary file I/O (open + stat) for attachments already known to be too large
  - Misleading error messages ("file not available" instead of "too large")
  - If the file existed, the full stat + LimitReader pipeline would execute before rejecting

  The Fix (2 lines of logic, added to 2 call sites)

  Added a pre-flight att.Size &gt; maxAttachmentSize check in both getAttachment (line 153) and exportAttachment (line 219), immediately
  after confirming the attachments directory is configured and before any file I/O.

  Changes Made

  - internal/mcp/handlers.go: Added pre-flight size check in both handlers (2x 3 lines)
  - internal/mcp/server_test.go: Added TestGetAttachment_RejectsOversizedBeforeFileIO and
  TestExportAttachment_RejectsOversizedBeforeFileIO (44 lines)
diff --git a/internal/mcp/handlers.go b/internal/mcp/handlers.go
@@ -151,6 +151,10 @@ func (h *handlers) getAttachment(ctx context.Context, req mcp.CallToolRequest) (
 		return mcp.NewToolResultError("attachments directory not configured"), nil
 	}
 
+	if att.Size > maxAttachmentSize {
+		return mcp.NewToolResultError(fmt.Sprintf("attachment too large: %d bytes (max %d)", att.Size, maxAttachmentSize)), nil
+	}
+
 	data, err := h.readAttachmentFile(att.ContentHash)
 	if err != nil {
 		return mcp.NewToolResultError(err.Error()), nil
@@ -213,6 +217,10 @@ func (h *handlers) exportAttachment(ctx context.Context, req mcp.CallToolRequest
 		return mcp.NewToolResultError("attachments directory not configured"), nil
 	}
 
+	if att.Size > maxAttachmentSize {
+		return mcp.NewToolResultError(fmt.Sprintf("attachment too large: %d bytes (max %d)", att.Size, maxAttachmentSize)), nil
+	}
+
 	data, err := h.readAttachmentFile(att.ContentHash)
 	if err != nil {
 		return mcp.NewToolResultError(err.Error()), nil
diff --git a/internal/mcp/server_test.go b/internal/mcp/server_test.go
@@ -677,6 +677,65 @@ func TestExportAttachment_EdgeFilenames(t *testing.T) {
 	}
 }
 
+func TestGetAttachment_RejectsOversizedBeforeFileIO(t *testing.T) {
+	// The att.Size metadata from the database tells us this attachment is too
+	// large BEFORE we try to open the file. The handler should reject with a
+	// "too large" error immediately, without attempting any file I/O.
+	//
+	// Without the pre-flight check, the handler would try to open the file
+	// and produce a misleading "not available" error instead.
+
+	oversizeAtt := &query.AttachmentInfo{
+		ID:          99,
+		Filename:    "huge.bin",
+		MimeType:    "application/octet-stream",
+		Size:        maxAttachmentSize + 1,
+		ContentHash: "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+	}
+
+	h := &handlers{
+		engine: &querytest.MockEngine{
+			Attachments: map[int64]*query.AttachmentInfo{99: oversizeAtt},
+		},
+		attachmentsDir: t.TempDir(), // empty dir — file does NOT exist on disk
+	}
+
+	// getAttachment should reject based on metadata size, not file I/O error
+	r := runToolExpectError(t, "get_attachment", h.getAttachment, map[string]any{
+		"attachment_id": float64(99),
+	})
+	txt := resultText(t, r)
+	if !strings.Contains(txt, "too large") {
+		t.Fatalf("expected 'too large' rejection from metadata check, got: %s", txt)
+	}
+}
+
+func TestExportAttachment_RejectsOversizedBeforeFileIO(t *testing.T) {
+	oversizeAtt := &query.AttachmentInfo{
+		ID:          99,
+		Filename:    "huge.bin",
+		MimeType:    "application/octet-stream",
+		Size:        maxAttachmentSize + 1,
+		ContentHash: "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
+	}
+
+	h := &handlers{
+		engine: &querytest.MockEngine{
+			Attachments: map[int64]*query.AttachmentInfo{99: oversizeAtt},
+		},
+		attachmentsDir: t.TempDir(),
+	}
+
+	r := runToolExpectError(t, "export_attachment", h.exportAttachment, map[string]any{
+		"attachment_id": float64(99),
+		"destination":   t.TempDir(),
+	})
+	txt := resultText(t, r)
+	if !strings.Contains(txt, "too large") {
+		t.Fatalf("expected 'too large' rejection from metadata check, got: %s", txt)
+	}
+}
+
 func TestLimitArgClamping(t *testing.T) {
 	tests := []struct {
 		name string
