Improve handling of expanding HTTP header values (#1536)

[thirdparty/squid.git] / src / http.cc

diff --git a/src/http.cc b/src/http.cc
index 7ed3189a177d57ca86f10f087d6ed48f70fec25b..19cf5699e0d8be6772d543393f41ee4d40462365 100644 (file)
--- a/src/http.cc
+++ b/src/http.cc
@@ -1895,8 +1895,9 @@ HttpStateData::httpBuildRequestHeader(HttpRequest * request,
 
         String strFwd = hdr_in->getList(Http::HdrType::X_FORWARDED_FOR);
 
-        // if we cannot double strFwd size, then it grew past 50% of the limit
-        if (!strFwd.canGrowBy(strFwd.size())) {
+        // Detect unreasonably long header values. And paranoidly check String
+        // limits: a String ought to accommodate two reasonable-length values.
+        if (strFwd.size() > 32*1024 || !strFwd.canGrowBy(strFwd.size())) {
             // There is probably a forwarding loop with Via detection disabled.
             // If we do nothing, String will assert on overflow soon.
             // TODO: Terminate all transactions with huge XFF?