From 77c9a9845bbee66f3aff158b8452dc8cd963cbd5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
Date: Thu, 18 May 2023 18:22:57 +0200
Subject: [PATCH] http2: double http request parser max line length

This works around #11138, by doubling the limit, and should be a
relatively safe fix.

Ideally the buffer would grow as needed and there would be no need for a
limit? But that might be follow-up material.

Fixes #11138
Closes #11139
---
 lib/http1.h             | 2 ++
 lib/http2.c             | 2 +-
 lib/vquic/curl_msh3.c   | 2 +-
 lib/vquic/curl_ngtcp2.c | 2 +-
 lib/vquic/curl_quiche.c | 2 +-
 5 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/lib/http1.h b/lib/http1.h
index c2d107587a..8acb9db401 100644
--- a/lib/http1.h
+++ b/lib/http1.h
@@ -33,6 +33,8 @@
 #define H1_PARSE_OPT_NONE       (0)
 #define H1_PARSE_OPT_STRICT     (1 << 0)
 
+#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
+
 struct h1_req_parser {
   struct http_req *req;
   struct bufq scratch;
diff --git a/lib/http2.c b/lib/http2.c
index 47e6f71393..4e3b182b8d 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
   nghttp2_priority_spec pri_spec;
   ssize_t nwritten;
 
-  Curl_h1_req_parse_init(&h1, (4*1024));
+  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
 
   *err = http2_data_setup(cf, data, &stream);
diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
index 40e89379fc..173886739b 100644
--- a/lib/vquic/curl_msh3.c
+++ b/lib/vquic/curl_msh3.c
@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,
 
   CF_DATA_SAVE(save, cf, data);
 
-  Curl_h1_req_parse_init(&h1, (4*1024));
+  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
 
   /* Sizes must match for cast below to work" */
diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index 05f960afdf..7794f148c6 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
   nghttp3_data_reader reader;
   nghttp3_data_reader *preader = NULL;
 
-  Curl_h1_req_parse_init(&h1, (4*1024));
+  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
 
   *err = h3_data_setup(cf, data);
diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
index 392b9beb83..c63e8e10a2 100644
--- a/lib/vquic/curl_quiche.c
+++ b/lib/vquic/curl_quiche.c
@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
     DEBUGASSERT(stream);
   }
 
-  Curl_h1_req_parse_init(&h1, (4*1024));
+  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
   Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
 
   DEBUGASSERT(stream);
-- 
2.47.3