From: Your Name Date: Mon, 15 Apr 2024 13:45:38 +0000 (+0200) Subject: YaHTTP: Enforce max # of request fields and max request line size X-Git-Tag: rec-5.1.0-beta1~38^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F14197%2Fhead;p=thirdparty%2Fpdns.git YaHTTP: Enforce max # of request fields and max request line size The default values, 8192 bytes for the maximum request line size and 100 fields, are taken from the default settings of Apache HTTPd: - https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline - https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields Reported by OSS-Fuzz as a timeout in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67993
---
diff --git a/ext/yahttp/yahttp/utility.hpp b/ext/yahttp/yahttp/utility.hpp
index 1d5e41efea..47457e313a 100644
--- a/ext/yahttp/yahttp/utility.hpp
+++ b/ext/yahttp/yahttp/utility.hpp
@@ -1,4 +1,13 @@
 #pragma once
+
+#ifndef YAHTTP_MAX_REQUEST_LINE_SIZE
+#define YAHTTP_MAX_REQUEST_LINE_SIZE 8192
+#endif
+
+#ifndef YAHTTP_MAX_REQUEST_FIELDS
+#define YAHTTP_MAX_REQUEST_FIELDS 100
+#endif
+
 namespace YaHTTP {
 static const char *MONTHS[] = {0,"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec",0}; // YAHTTP_MAX_REQUEST_LINE_SIZE) {
+ return {};
+ }
 std::string::size_type pos = 0;
 strstr_map_t parameter_map;
 while (pos != std::string::npos) {
@@ -390,13 +402,14 @@ namespace YaHTTP {
 // no parameters at all
 break;
 }
- key = decodeURL(key);
- value = decodeURL(value);
- parameter_map[key] = std::move(value);
+ parameter_map[decodeURL(key)] = decodeURL(value);
 if (nextpos == std::string::npos) {
 // no more parameters left
 break;
 }
+ if (parameter_map.size() >= YAHTTP_MAX_REQUEST_FIELDS) {
+ break;
+ }
 pos = nextpos+1;
 }
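Review bot: The new `if (parameter_map.size() >= YAHTTP_MAX_REQUEST_FIELDS) { break; }` in the `@@ -390,13 +402,14 @@` hunk stops parsing silently, so the caller receives a truncated map that it cannot tell apart from a complete one; the size guard earlier in the patch (`return {};`) is silent in the same way. If anything in front of this parser reads the full parameter list, the two can disagree about which parameters a request carries, so rejecting the request would be safer than acting on a partial set; at minimum the behaviour should be stated at the check, e.g. `// field limit reached: remaining parameters are ignored, the caller gets a partial map`. The check also counts distinct decoded keys rather than parsed fields, so a request that repeats one key never reaches the limit and only the size cap bounds the loop in that case. The enclosing function begins and ends outside the hunk, so how callers treat an empty or short map is not visible here.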