From: Dr. David von Oheimb
Date: Tue, 8 Oct 2024 06:16:25 +0000 (+0200)
Subject: http_client.c,OSSL_HTTP_REQ_CTX.pod,http.h: fixups for PR #23781 on max_response_hdr_...
X-Git-Tag: openssl-3.5.0-alpha1~630
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91114d53b02b684e07cf0671ec88be78f398dd00;p=thirdparty%2Fopenssl.git
http_client.c,OSSL_HTTP_REQ_CTX.pod,http.h: fixups for PR #23781 on max_response_hdr_lines
Reviewed-by: Dmitry Belyavskiy
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/25541)
---
diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c
index f508d5b1f4e..e9656ae467b 100644
--- a/crypto/http/http_client.c
+++ b/crypto/http/http_client.c
@@ -67,7 +67,7 @@ struct ossl_http_req_ctx_st {
 time_t max_time; /* Maximum end time of current transfer, or 0 */
 time_t max_total_time; /* Maximum end time of total transfer, or 0 */
 char *redirection_url; /* Location obtained from HTTP status 301/302 */
- size_t max_hdr_lines; /* Max. number of http hdr lines, or 0 */
+ size_t max_hdr_lines; /* Max. number of response header lines, or 0 */
 };

 /* HTTP states */
@@ -698,7 +698,6 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 resp_hdr_lines++;
 if (rctx->max_hdr_lines != 0 && rctx->max_hdr_lines < resp_hdr_lines) {
 ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_TOO_MANY_HDRLINES);
- OSSL_TRACE(HTTP, "Received too many headers\n");
 rctx->state = OHS_ERROR;
 return 0;
 }
@@ -807,8 +806,6 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
 if (OSSL_TRACE_ENABLED(HTTP))
 OSSL_TRACE(HTTP, "]\n");

- resp_hdr_lines = 0;
-
 if (rctx->keep_alive != 0 /* do not let server initiate keep_alive */
 && !found_keep_alive /* otherwise there is no change */) {
 if (rctx->keep_alive == 2) {
diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod
index c3b702a6fda..b3220dd21d4 100644
--- a/doc/man3/OSSL_HTTP_REQ_CTX.pod
+++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod
@@ -15,8 +15,8 @@ OSSL_HTTP_REQ_CTX_exchange, OSSL_HTTP_REQ_CTX_get0_mem_bio, OSSL_HTTP_REQ_CTX_get_resp_len, OSSL_HTTP_REQ_CTX_set_max_response_length, -OSSL_HTTP_is_alive, -OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines +OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines, +OSSL_HTTP_is_alive - HTTP client low-level functions =head1 SYNOPSIS @@ -48,12 +48,11 @@ OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx); void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, unsigned long len); - - int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); - void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx, size_t count); + int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); + =head1 DESCRIPTION B is a context structure for an HTTP request and response, @@ -189,6 +188,13 @@ OSSL_HTTP_REQ_CTX_set_max_response_length() sets the maximum allowed response content length for I to I. If not set or I is 0 then the B is used, which currently is 100 KiB. +OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() changes the limit for +the number of HTTP header lines allowed to be received in a response. +The default limit is B, currently 256. +If the limit is not 0 and the number of lines exceeds the limit, +then the HTTP_R_RESPONSE_TOO_MANY_HDRLINES error is indicated. +Setting the limit to 0 disables the check. + OSSL_HTTP_is_alive() can be used to query if the HTTP connection given by I is still alive, i.e., has not been closed. It returns 0 if I is NULL. 
@@ -201,12 +207,6 @@ In case the client application keeps I but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request via I. -The OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() function changes the limit -for the number of HTTP headers which can be received in a response. The default -value is 256. If the number of HTTP headers in a response exceeds the limit, -then the HTTP_R_RESPONSE_TOO_MANY_HDRLINES error is indicated. Setting the -limit to 0 disables the check. - =head1 WARNINGS The server's response may be unexpected if the hostname that was used to @@ -253,8 +253,8 @@ See also L and L. OSSL_HTTP_REQ_CTX_new() returns a pointer to a B, or NULL on error. -OSSL_HTTP_REQ_CTX_free() and OSSL_HTTP_REQ_CTX_set_max_response_length() -do not return values. +OSSL_HTTP_REQ_CTX_free(), OSSL_HTTP_REQ_CTX_set_max_response_length(), and +OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() do not return values. OSSL_HTTP_REQ_CTX_set_request_line(), OSSL_HTTP_REQ_CTX_add1_header(), OSSL_HTTP_REQ_CTX_set1_req(), and OSSL_HTTP_REQ_CTX_set_expected() @@ -288,7 +288,9 @@ L, and L. =head1 HISTORY -The functions described here were added in OpenSSL 3.0. +OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() was added in OpenSSL 3.3. + +All other functions described here were added in OpenSSL 3.0. =head1 COPYRIGHT diff --git a/include/openssl/http.h b/include/openssl/http.h index 339b567dcd3..ed1679e2c9c 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -62,6 +62,8 @@ BIO *OSSL_HTTP_REQ_CTX_get0_mem_bio(const OSSL_HTTP_REQ_CTX *rctx); size_t OSSL_HTTP_REQ_CTX_get_resp_len(const OSSL_HTTP_REQ_CTX *rctx); void OSSL_HTTP_REQ_CTX_set_max_response_length(OSSL_HTTP_REQ_CTX *rctx, unsigned long len); +void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx, + size_t count); int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); /* High-level HTTP API */ 
@@ -108,9 +110,6 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost,
 const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy,
 const char *server, int use_ssl);

-void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx,
- size_t count);
-
 # endif /* !defined(OPENSSL_NO_HTTP) */
 # ifdef __cplusplus
 }