doh: limit max query size to 1024 B

The value is kind of arbitrary, as precaution. 64k value was causing
cqueues to close connections with GET requests with "Broken pipe"
and it seems to work with 1024 B.

diff --git a/modules/http/http_doh.lua b/modules/http/http_doh.lua
index ae33edbd78b41500e79f52f75be0860bbb92fa3a..0299a67a3cf7e3a65321cc9d1c40d729e637266a 100644 (file)
--- a/modules/http/http_doh.lua
+++ b/modules/http/http_doh.lua
@@ -20,13 +20,13 @@ local function serve_doh(h, stream)
        local input
        local method = h:get(':method')
        if method == 'POST' then
-               input = stream:get_body_chars(65536, 2)  -- read timeout = KR_CONN_RTT_MAX
+               input = stream:get_body_chars(1025, 2)  -- read timeout = KR_CONN_RTT_MAX
        elseif method == 'GET' then
                local input_b64 = string.match(h:get(':path'), '^/doh%?dns=([a-zA-Z0-9_-]+)$')
                if not input_b64 then
                        return 400, 'base64url query not found'
                end
-               if #input_b64 > 87380 then  -- base64url encode 65535
+               if #input_b64 > 1368 then  -- base64url encode 1024
                        return 414, 'query parameter in URI too long'
                end
                input = basexx.from_url64(input_b64)
@@ -39,7 +39,7 @@ local function serve_doh(h, stream)
 
        if #input < 12 then
                return 400, 'input too short'
-       elseif #input > 65535 then
+       elseif #input > 1024 then
                return 413, 'input too long'
        end
 

diff --git a/modules/http/http_doh.test.lua b/modules/http/http_doh.test.lua
index 88e7f864474598bd85e37f172c26a2598dbc6e5f..0e00b02b74f94778cb39872fbf40c88b9285d62d 100644 (file)
--- a/modules/http/http_doh.test.lua
+++ b/modules/http/http_doh.test.lua
@@ -167,21 +167,21 @@ else
        local function test_post_long_input()
                local req = assert(req_templ:clone())
                req.headers:upsert(':method', 'POST')
-               req:set_body(string.rep('s', 65536))  -- > DNS msg over UDP
+               req:set_body(string.rep('s', 1025))  -- > DNS msg over UDP
                check_err(req, '413', 'too long POST finishes with 413')
        end
 
        local function test_get_long_input()
                local req = assert(req_templ:clone())
                req.headers:upsert(':method', 'GET')
-               req.headers:upsert(':path', '/doh?dns=' .. basexx.to_url64(string.rep('s', 65536)))
+               req.headers:upsert(':path', '/doh?dns=' .. basexx.to_url64(string.rep('\0', 1030)))
                check_err(req, '414', 'too long GET finishes with 414')
        end
 
        local function test_post_unparseable_input()
                local req = assert(req_templ:clone())
                req.headers:upsert(':method', 'POST')
-               req:set_body(string.rep('\0', 65535))  -- garbage
+               req:set_body(string.rep('\0', 1024))  -- garbage
                check_err(req, '400', 'unparseable DNS message finishes with 400')
        end