prosody
db30ffbf2090
net/http/parser.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

Diff

net/http/parser.lua @ 13378:db30ffbf2090 0.12

net.http.parser: Reject overlarge header section earlier This case would eventually be rejected by the buffer size limit.
author Kim Alvefur <zash@zash.se>
date Wed, 23 Aug 2023 12:18:34 +0200
parent 12889:94a99330ce87
child 13379:977d92aff563
line wrap: on
line diff
--- a/net/http/parser.lua	Fri Oct 27 19:03:59 2023 +0200
+++ b/net/http/parser.lua	Wed Aug 23 12:18:34 2023 +0200
@@ -59,7 +59,13 @@
 			while buffer:length() > 0 do
 				if state == nil then -- read request
 					local index = buffer:sub(1, headlimit):find("\r\n\r\n", nil, true);
-					if not index then return; end -- not enough data
+					if not index then
+						if buffer:length() > headlimit then
+							return error_cb("header-too-large");
+						end
+						-- not enough data
+						return;
+					end
 					-- FIXME was reason_phrase meant to be passed on somewhere?
 					local method, path, httpversion, status_code, reason_phrase; -- luacheck: ignore reason_phrase
 					local first_line;