From f1d09553721ffee368fc2023b35620ff792a1c17 Mon Sep 17 00:00:00 2001
From: Mike Jensen
Date: Wed, 18 Oct 2023 10:14:14 -0600
Subject: [PATCH 1/2] snowflake/http: Limit Decompressed Request to 10MB
---
 lib/srv/db/snowflake/http.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/srv/db/snowflake/http.go b/lib/srv/db/snowflake/http.go
index ceb91422dcfb0..d79969a5a29e3 100644
--- a/lib/srv/db/snowflake/http.go
+++ b/lib/srv/db/snowflake/http.go
@@ -107,7 +107,7 @@ func maybeReadGzip(headers *http.Header, body []byte) ([]byte, error) {
 }
 defer bodyGZ.Close()
- body, err = io.ReadAll(bodyGZ)
+ body, err = io.ReadAll(io.LimitReader(bodyGZ, teleport.MaxHTTPRequestSize))
 if err != nil {
 return nil, trace.Wrap(err)
 }
From 4046042fcdd86dd22428f3be11278ee96fd77b7b Mon Sep 17 00:00:00 2001
From: Mike Jensen
Date: Wed, 18 Oct 2023 11:13:36 -0600
Subject: [PATCH 2/2] snowflake/http: Use existing `utils.ReadAtMost` instead of io.LimitReader directly
---
 lib/srv/db/snowflake/http.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/srv/db/snowflake/http.go b/lib/srv/db/snowflake/http.go
index d79969a5a29e3..669d21802ae59 100644
--- a/lib/srv/db/snowflake/http.go
+++ b/lib/srv/db/snowflake/http.go
@@ -29,6 +29,7 @@ import (
 "github.com/gravitational/trace"
 "github.com/gravitational/teleport"
+ "github.com/gravitational/teleport/lib/utils"
 )
 func writeResponse(resp *http.Response, newResp []byte) (*bytes.Buffer, error) {
@@ -69,7 +70,7 @@ func copyRequest(ctx context.Context, req *http.Request, body io.Reader) (*http.
 func readRequestBody(req *http.Request) ([]byte, error) {
 defer req.Body.Close()
- body, err := io.ReadAll(io.LimitReader(req.Body, teleport.MaxHTTPRequestSize))
+ body, err := utils.ReadAtMost(req.Body, teleport.MaxHTTPRequestSize)
 if err != nil {
 return nil, trace.Wrap(err)
 }
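Review bot: The error from `utils.ReadAtMost` in `readRequestBody` is returned through a bare `trace.Wrap(err)`, and the `readResponseBody` and `maybeReadGzip` hunks of this patch do the same, so all three reads fail with an identical message. If `ReadAtMost` reports an error once the limit is reached (its body is not shown on this page), an operator triaging an oversized or highly compressible payload cannot tell from the error which read rejected it. Adding context at each site, e.g. `return nil, trace.Wrap(err, "reading Snowflake request body")` here and the matching wording for the response and the decompressed body, would make the three cases distinguishable in logs.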
@@ -80,7 +81,7 @@ func readRequestBody(req *http.Request) ([]byte, error) {
 func readResponseBody(resp *http.Response) ([]byte, error) {
 defer resp.Body.Close()
- body, err := io.ReadAll(io.LimitReader(resp.Body, teleport.MaxHTTPRequestSize))
+ body, err := utils.ReadAtMost(resp.Body, teleport.MaxHTTPRequestSize)
 if err != nil {
 return nil, trace.Wrap(err)
 }
@@ -107,7 +108,7 @@ func maybeReadGzip(headers *http.Header, body []byte) ([]byte, error) {
 }
 defer bodyGZ.Close()
- body, err = io.ReadAll(io.LimitReader(bodyGZ, teleport.MaxHTTPRequestSize))
+ body, err = utils.ReadAtMost(bodyGZ, teleport.MaxHTTPRequestSize)
 if err != nil {
 return nil, trace.Wrap(err)
 }
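Review bot: `readResponseBody` caps upstream responses with `teleport.MaxHTTPRequestSize`, a constant named for requests, and this hunk may turn that cap from silent truncation into a hard failure. With `io.LimitReader` an over-limit response was cut off without an error; if `utils.ReadAtMost` returns an error at the limit (not visible here), such responses are now rejected outright. That is the safer outcome, but it should be a deliberate choice: confirm that legitimate Snowflake responses stay under the cap, and either introduce a separately named response limit or add a comment on the line such as `// Responses share the request cap; a larger body is rejected rather than truncated.`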
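Review bot: The bounded read of `bodyGZ` in `maybeReadGzip` carries no comment explaining the bound and no test for the over-limit path. The limit applies to the decompressed stream, which matters because the compressed `body` argument is presumably already capped by `readRequestBody`/`readResponseBody` while its expansion is not. A comment above the read such as `// Bound the decompressed size: a small gzip body can expand far beyond the compressed limit.` would record the intent. A unit test that passes a highly compressible payload larger than `teleport.MaxHTTPRequestSize` and asserts an error would keep the check from regressing. The function begins and ends outside this hunk, so how callers handle the error cannot be checked from here.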