prosody
db30ffbf2090
net/http/parser.lua
Software / code / prosody
Comparison
net/http/parser.lua @ 13378:db30ffbf2090 0.12
net.http.parser: Reject overlarge header section earlier
This case would eventually be rejected by the buffer size limit.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Wed, 23 Aug 2023 12:18:34 +0200 |
| parent | 12889:94a99330ce87 |
| child | 13379:977d92aff563 |
comparison
equal
deleted
inserted
replaced
| 13291:24070d47a6e7 | 13378:db30ffbf2090 |
|---|---|
| 57 end | 57 end |
| 58 if not buffer:write(data) then error = true; return error_cb("max-buffer-size-exceeded"); end | 58 if not buffer:write(data) then error = true; return error_cb("max-buffer-size-exceeded"); end |
| 59 while buffer:length() > 0 do | 59 while buffer:length() > 0 do |
| 60 if state == nil then -- read request | 60 if state == nil then -- read request |
| 61 local index = buffer:sub(1, headlimit):find("\r\n\r\n", nil, true); | 61 local index = buffer:sub(1, headlimit):find("\r\n\r\n", nil, true); |
| 62 if not index then return; end -- not enough data | 62 if not index then |
| 63 if buffer:length() > headlimit then | |
| 64 return error_cb("header-too-large"); | |
| 65 end | |
| 66 -- not enough data | |
| 67 return; | |
| 68 end | |
| 63 -- FIXME was reason_phrase meant to be passed on somewhere? | 69 -- FIXME was reason_phrase meant to be passed on somewhere? |
| 64 local method, path, httpversion, status_code, reason_phrase; -- luacheck: ignore reason_phrase | 70 local method, path, httpversion, status_code, reason_phrase; -- luacheck: ignore reason_phrase |
| 65 local first_line; | 71 local first_line; |
| 66 local headers = {}; | 72 local headers = {}; |
| 67 for line in buffer:read(index+3):gmatch("([^\r\n]+)\r\n") do -- parse request | 73 for line in buffer:read(index+3):gmatch("([^\r\n]+)\r\n") do -- parse request |
