From 6b754ec37b8d2193ec65917e5096af43ecff8d3a Mon Sep 17 00:00:00 2001
From: kishorenc
Date: Thu, 21 May 2020 21:25:15 +0530
Subject: [PATCH] Validate max_hits before parsing as integer.
---
 src/core_api.cpp | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/core_api.cpp b/src/core_api.cpp
index 3a7c939f..61c4350d 100644
--- a/src/core_api.cpp
+++ b/src/core_api.cpp
@@ -347,6 +347,11 @@ bool get_search(http_req & req, http_res & res) {
 return false;
 }
+ if(!StringUtils::is_uint64_t(req.params[MAX_HITS])) {
+ res.set_400("Parameter `" + std::string(MAX_HITS) + "` must be an unsigned integer.");
+ return false;
+ }
+
 std::string filter_str = req.params.count(FILTER) != 0 ? req.params[FILTER] : "";
 std::vector search_fields;
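Review bot: The added guard on `req.params[MAX_HITS]` accepts anything in the uint64 range, which may be wider than the integer type the value is later parsed into; that parse is outside this hunk, so this is inferred from the commit title. If the conversion is `std::stoi` or another int-width call, a client-supplied digit string above that range would pass this check and still fail at the parse, so the check should match the parse target's range and also cap the value at a sane maximum for a result count. Separately, `req.params[MAX_HITS]` uses `operator[]`, which on a standard map inserts an empty entry when the key is absent; unlike the `req.params.count(FILTER) != 0` pattern just below, it relies on a default having been set earlier in `get_search`, which is not visible here. At minimum I would add `// max_hits is client-controlled; keep this check's range in sync with the integer type used to parse it below` above the `if`. The body of `get_search` starts and ends outside the hunk.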