From 249c86a63865e4a980511839887890c3940fc6e6 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 15 Apr 2024 15:45:38 +0200
Subject: [PATCH] YaHTTP: Enforce max # of request fields and max request line size
The default values, 8192 bytes for the maximum request line size and 100 fields, are taken from the default settings of Apache HTTPd:
- https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestline
- https://httpd.apache.org/docs/2.2/mod/core.html#limitrequestfields
Reported by OSS-Fuzz as a timeout in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67993
---
 ext/yahttp/yahttp/utility.hpp | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/ext/yahttp/yahttp/utility.hpp b/ext/yahttp/yahttp/utility.hpp
index 1d5e41efea..47457e313a 100644
--- a/ext/yahttp/yahttp/utility.hpp
+++ b/ext/yahttp/yahttp/utility.hpp
@@ -1,4 +1,13 @@
 #pragma once
+
+#ifndef YAHTTP_MAX_REQUEST_LINE_SIZE
+#define YAHTTP_MAX_REQUEST_LINE_SIZE 8192
+#endif
+
+#ifndef YAHTTP_MAX_REQUEST_FIELDS
+#define YAHTTP_MAX_REQUEST_FIELDS 100
+#endif
+
 namespace YaHTTP {
 static const char *MONTHS[] = {0,"Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec",0}; // YAHTTP_MAX_REQUEST_LINE_SIZE) {
+ return {};
+ }
 std::string::size_type pos = 0;
 strstr_map_t parameter_map;
 while (pos != std::string::npos) {
@@ -390,13 +402,14 @@ namespace YaHTTP {
 // no parameters at all
 break;
 }
- key = decodeURL(key);
- value = decodeURL(value);
- parameter_map[key] = std::move(value);
+ parameter_map[decodeURL(key)] = decodeURL(value);
 if (nextpos == std::string::npos) {
 // no more parameters left
 break;
 }
+ if (parameter_map.size() >= YAHTTP_MAX_REQUEST_FIELDS) {
+ break;
+ }
 pos = nextpos+1;
 }
--
2.47.2
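Review bot: The two limit macros added at the top of utility.hpp have no comment, and their names suggest something other than what the later hunks appear to enforce. As far as the visible lines show, `YAHTTP_MAX_REQUEST_FIELDS` is compared against `parameter_map.size()` in the parameter-parsing loop, not against a header count, and the size macro guards the same routine (the left side of that comparison is lost on this page). A comment above each would stop a packager overriding them on the wrong assumption, for example `// Max input size accepted by the URL-parameter parser; larger input yields an empty map` and `// Max entries kept in the parsed parameter map; further parameters are ignored`. Since these are header-level macros with `#ifndef` overrides, it is also worth stating that every translation unit including this header must be built with the same values.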
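Review bot: Both new limits fail silently, so the caller gets an empty or truncated `parameter_map` that looks the same as a request with few or no parameters. The size check exits through `return {};` and the field check in the last hunk leaves the loop with a bare `break`. A component in front of this parser that read the full parameter string can then disagree with the handler behind it about which parameters were present, and a handler that defaults missing keys cannot tell that input was dropped. At minimum both sites should say so, e.g. `// limit exceeded: remaining parameters are dropped and the caller is not told`. Signalling the condition so the request can be rejected would be stronger, but the function's signature and callers lie outside these hunks. The cap is also taken on `parameter_map.size()` after decoding, so it presumably counts distinct keys rather than fields seen; if so, it is the size check alone that bounds the loop when keys repeat.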