c-hyper: bail on too long response headers

author Daniel Stenberg <daniel@haxx.se>

Mon, 5 Jul 2021 15:13:29 +0000 (17:13 +0200)

committer Daniel Stenberg <daniel@haxx.se>

Mon, 5 Jul 2021 20:49:12 +0000 (22:49 +0200)
author Daniel Stenberg <daniel@haxx.se>
Mon, 5 Jul 2021 15:13:29 +0000 (17:13 +0200)
committer Daniel Stenberg <daniel@haxx.se>
Mon, 5 Jul 2021 20:49:12 +0000 (22:49 +0200)
diff --git a/lib/c-hyper.c b/lib/c-hyper.c

index e5b352c998b3dcb0829d95220bb686f0da0c8251..7a22007cee4825f75425e894c99953d32bec4726 100644 (file)
--- a/lib/c-hyper.c
+++ b/lib/c-hyper.c
@@ -126,6 +126,12 @@ static int hyper_each_header(void *userdata,
    CURLcode result;
    int writetype;
  
+  if(name_len + value_len + 2 > CURL_MAX_HTTP_HEADER) {
+    failf(data, "Too long response header");
+    data->state.hresult = CURLE_OUT_OF_MEMORY;
+    return HYPER_ITER_BREAK;
+  }
+
    if(!data->req.bytecount)
      Curl_pgrsTime(data, TIMER_STARTTRANSFER);
  
diff --git a/tests/data/DISABLED b/tests/data/DISABLED

index 7a102b83cf4140d0217ea1453a22ae33349d7a81..5366e16dc5f2350a1686c7ec6fbb0baa2cadc320 100644 (file)
--- a/tests/data/DISABLED
+++ b/tests/data/DISABLED
@@ -96,8 +96,6 @@
  1138
  1144
  1147
-1151
-1154
  1156
  1160
  1164
author	Daniel Stenberg <daniel@haxx.se>
	Mon, 5 Jul 2021 15:13:29 +0000 (17:13 +0200)
committer	Daniel Stenberg <daniel@haxx.se>
	Mon, 5 Jul 2021 20:49:12 +0000 (22:49 +0200)
lib/c-hyper.c		patch \| blob \| blame \| history
tests/data/DISABLED		patch \| blob \| blame \| history