From: Eric Wong Date: Sat, 5 Apr 2025 17:44:13 +0000 (+0000) Subject: http: refuse to deal with >4GB chunks in uploads X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2b864e489b00185f7139a5b3de099598dbecdad;p=thirdparty%2Fpublic-inbox.git http: refuse to deal with >4GB chunks in uploads The `hex' perlop will return an NV (typically 64-bit double) on UV (unsigned int) overflow and warns on larger values. While 64-bit integer builds of 32-bit perl (e.g. Debian i386) can handle 64-bit numbers, there are builds of perl which still use 32-bit integers nowadays (e.g. OpenBSD 7.x i386). It's unlikely we'll ever see chunks even close to 4GB, so just cap it at 8 hex characters and drop clients which send larger amounts. --- diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm index fd9021d61..7bee0b0a0 100644 --- a/lib/PublicInbox/HTTP.pm +++ b/lib/PublicInbox/HTTP.pm @@ -432,6 +432,7 @@ sub read_input_chunked { # unlikely... } if ($len == CHUNK_START) { if ($$rbuf =~ s/\A([a-f0-9]+).*?\r\n//i) { + return quit($self, 400) if length($1) > 8; $len = hex $1; if (($len + -s $input) > $MAX_REQUEST_BUFFER) { return quit($self, 413);