tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add HTTP Header size limits

This commit is contained in:
Gunnar Beutner 2018-01-31 09:05:06 +01:00 committed by Jean Flach
parent 0339a2b827
commit f5f8b90ec8
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
lib/remote/httprequest.cpp
View File

@ -45,8 +45,15 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
String line;
StreamReadStatus srs = m_Stream->ReadLine(&line, src, may_wait);
if (srs != StatusNewItem)
if (srs != StatusNewItem) {
if (src.Size > 512)
BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
return false;
}
if (line.GetLength() > 512)
BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
if (m_State == HttpRequestStart) {
/* ignore trailing new-lines */
@ -84,6 +91,9 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
return true;
} else {
if (Headers->GetLength() > 128)
BOOST_THROW_EXCEPTION(std::invalid_argument("Maximum number of HTTP request headers exceeded"));
String::SizeType pos = line.FindFirstOf(":");
if (pos == String::NPos)
BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP request"));