From: Otto Moerbeek Date: Tue, 10 Mar 2026 09:36:27 +0000 (+0100) Subject: Fix two cases of lacking/wrong max size compares (YWH-PGM6095-90) X-Git-Tag: auth-5.1.0-beta1~30^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=81bb343497f449adb9e3e7d02188fbcc21ec79db;p=thirdparty%2Fpdns.git Fix two cases of lacking/wrong max size compares (YWH-PGM6095-90) Signed-off-by: Otto Moerbeek --- diff --git a/ext/yahttp/yahttp/reqresp.cpp b/ext/yahttp/yahttp/reqresp.cpp index a96def6e0d..e128dad4d7 100644 --- a/ext/yahttp/yahttp/reqresp.cpp +++ b/ext/yahttp/yahttp/reqresp.cpp @@ -40,7 +40,19 @@ namespace YaHTTP { } template - bool AsyncLoader::feed(const std::string& somedata) { + bool AsyncLoader::feed(const std::string& somedata) + { + if (state < 2) { + headersize += somedata.length(); // maye include some body data, we don't know yet... + if (headersize > target->max_header_size) { + if (target->kind == YAHTTP_TYPE_REQUEST) { + throw ParseError("Request header too large"); + } + else { + throw ParseError("Response header too large"); + } + } + } buffer.append(somedata); while(state < 2) { int cr=0; @@ -155,8 +167,8 @@ namespace YaHTTP { maxbody = minbody; } if (minbody < 1) return true; // guess there isn't anything left. - if (target->kind == YAHTTP_TYPE_REQUEST && static_cast(minbody) > target->max_request_size) throw ParseError("Max request body size exceeded"); - else if (target->kind == YAHTTP_TYPE_RESPONSE && static_cast(minbody) > target->max_response_size) throw ParseError("Max response body size exceeded"); + if (target->kind == YAHTTP_TYPE_REQUEST && minbody > target->max_request_size) throw ParseError("Max request body size exceeded"); + else if (target->kind == YAHTTP_TYPE_RESPONSE && minbody > target->max_response_size) throw ParseError("Max response body size exceeded"); } if (maxbody == 0) hasBody = false; diff --git a/ext/yahttp/yahttp/reqresp.hpp b/ext/yahttp/yahttp/reqresp.hpp index e420c24a15..180b2d7bb5 100644 
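Review bot: The new `headersize` check at the top of `feed()` adds the full length of every chunk passed in while `state < 2`, so a single chunk carrying short headers plus body data is rejected as "header too large" once it exceeds `max_header_size`. The inline comment acknowledges this but contains a typo ("maye") and does not tell callers how to avoid the false rejection. I would reword it to `// may include body data we cannot tell apart yet; callers should feed chunks well below max_header_size`. If large feeds are expected, the count could instead stop at the end of the header block. The body of `feed()` continues outside the hunk.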
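Review bot: The two body-size comparisons now rely on an implicit conversion between `minbody` and `target->max_request_size` / `target->max_response_size`, whose declared types are not visible in this hunk. If one side is signed and the other unsigned, the signed operand is converted, so a negative limit would compare as a very large value and the build would warn under `-Wsign-compare`. It is worth confirming that both sides share signedness. Since the removed cast was presumably the defect, a short comment would keep it from being reintroduced, e.g. `// no cast: narrowing minbody could wrap a huge length below the limit`. The enclosing function starts and ends outside the hunk.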
--- a/ext/yahttp/yahttp/reqresp.hpp +++ b/ext/yahttp/yahttp/reqresp.hpp @@ -20,6 +20,10 @@ namespace funcptr = boost; #include +#ifndef YAHTTP_MAX_HEADER_SIZE +#define YAHTTP_MAX_HEADER_SIZE (100 * 1024) +#endif + #ifndef YAHTTP_MAX_REQUEST_SIZE #define YAHTTP_MAX_REQUEST_SIZE 2097152 #endif @@ -108,6 +112,7 @@ namespace YaHTTP { #endif max_request_size = YAHTTP_MAX_REQUEST_SIZE; max_response_size = YAHTTP_MAX_RESPONSE_SIZE; + max_header_size = YAHTTP_MAX_HEADER_SIZE; url = ""; method = ""; statusText = ""; @@ -130,6 +135,7 @@ protected: this->parameters = rhs.parameters; this->getvars = rhs.getvars; this->body = rhs.body; this->max_request_size = rhs.max_request_size; this->max_response_size = rhs.max_response_size; this->version = rhs.version; + this->max_header_size = rhs.max_header_size; #ifdef HAVE_CPP_FUNC_PTR this->renderer = rhs.renderer; #endif @@ -143,6 +149,7 @@ protected: this->parameters = rhs.parameters; this->getvars = rhs.getvars; this->body = rhs.body; this->max_request_size = rhs.max_request_size; this->max_response_size = rhs.max_response_size; this->version = rhs.version; + this->max_header_size = rhs.max_header_size; #ifdef HAVE_CPP_FUNC_PTR this->renderer = rhs.renderer; #endif @@ -166,8 +173,9 @@ public: std::string body; // renderer; //target = target_; hasBody = false; buffer = ""; + headersize = 0; this->target->initialize(); }; //