http.c: Give HTTP error response when received lines are too long.
authorRichard Mudgett <rmudgett@digium.com>
Thu, 30 Aug 2018 19:42:06 +0000 (14:42 -0500)
committerRichard Mudgett <rmudgett@digium.com>
Thu, 30 Aug 2018 21:40:31 +0000 (16:40 -0500)
Added a check for when we receive an HTTP request line or header line that is
too long.  We now return an error response to the sender because we are
not able to process the request.

Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d

main/http.c

index e8d395b1542ec11793ee5354480363df58d35312..15c6da29b7708325e06a1cb739255a5e32d87c1f 100644 (file)
@@ -1772,6 +1772,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
 
        remaining_headers = MAX_HTTP_REQUEST_HEADERS;
        for (;;) {
+               size_t len;
                char *name;
                char *value;
 
@@ -1779,6 +1780,13 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
                        ast_http_error(ser, 400, "Bad Request", "Timeout");
                        return -1;
                }
+               len = strlen(header_line);
+               if (!len || header_line[len - 1] != '\n') {
+                       /* We didn't get a full line */
+                       ast_http_error(ser, 400, "Bad Request",
+                               (len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
+                       return -1;
+               }
 
                /* Trim trailing characters */
                ast_trim_blanks(header_line);
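Review bot: The fallback reason string on the ternary line, `"Timeout"`, appears to mislabel every incomplete line that did not fill the buffer: the read timeout is already reported by the check just above this hunk, so reaching this branch with len below sizeof(header_line) - 1 means fgets() stopped at end of stream (peer closed mid-line) or the line contained a NUL byte, neither of which is a timeout. Something like `(len == sizeof(header_line) - 1) ? "Header line too long" : "Incomplete header line"` would describe what the client and the log actually see. Note also that a NUL inside the line shortens strlen(), so an over-long line carrying a NUL would be reported as incomplete rather than too long; whether that matters depends on how the caller treats the two, and the same applies to the request-line check in httpd_process_request later in this commit. That later hunk repeats this block almost verbatim, so a small static helper (for example `http_line_error(const char *line, size_t size)` returning the reason string or NULL) would keep the two checks in step. http_request_headers_get begins before this hunk.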
@@ -1847,6 +1855,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
        struct http_worker_private_data *request;
        enum ast_http_method http_method = AST_HTTP_UNKNOWN;
        int res;
+       size_t len;
        char request_line[MAX_HTTP_LINE_LENGTH];
 
        if (!fgets(request_line, sizeof(request_line), ser->f)) {
@@ -1857,6 +1866,14 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
        request = ser->private_data;
        http_request_tracking_init(request);
 
+       len = strlen(request_line);
+       if (!len || request_line[len - 1] != '\n') {
+               /* We didn't get a full line */
+               ast_http_error(ser, 400, "Bad Request",
+                       (len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
+               return -1;
+       }
+
        /* Get method */
        method = ast_skip_blanks(request_line);
        uri = ast_skip_nonblanks(method);
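Review bot: The new `ast_http_error(ser, 400, "Bad Request", ...)` call reports an over-long request line as a generic 400, while RFC 7231 defines 414 URI Too Long for exactly this case (the header-line counterpart earlier in this commit would correspondingly be 431 Request Header Fields Too Large from RFC 6585); a distinct status lets clients and intermediaries tell a limit violation from a malformed request. Splitting the ternary into two calls, as below, keeps 400 for the incomplete-line case and uses 414 only when the buffer was filled without a newline. ast_http_error() takes the status as an int here, so it presumably accepts 414, but that is not visible in this hunk. httpd_process_request continues past the end of this hunk.
```c
	len = strlen(request_line);
	if (!len || request_line[len - 1] != '\n') {
		/* We didn't get a full line */
		if (len == sizeof(request_line) - 1) {
			/* Buffer filled before a newline arrived: the line exceeds our limit. */
			ast_http_error(ser, 414, "URI Too Long", "Request line too long");
		} else {
			/* Peer closed (or the line held a NUL byte) before the line ended. */
			ast_http_error(ser, 400, "Bad Request", "Incomplete request line");
		}
		return -1;
	}
	/* … unchanged: method and URI parsing … */
```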