Fix two cases of lacking/wrong max size compares (YWH-PGM6095-90)

author Otto Moerbeek <otto.moerbeek@open-xchange.com>

Tue, 10 Mar 2026 09:36:27 +0000 (10:36 +0100)

committer Otto Moerbeek <otto.moerbeek@open-xchange.com>

Wed, 11 Mar 2026 09:09:05 +0000 (10:09 +0100)
author Otto Moerbeek <otto.moerbeek@open-xchange.com>
Tue, 10 Mar 2026 09:36:27 +0000 (10:36 +0100)
committer Otto Moerbeek <otto.moerbeek@open-xchange.com>
Wed, 11 Mar 2026 09:09:05 +0000 (10:09 +0100)
diff --git a/ext/yahttp/yahttp/reqresp.cpp b/ext/yahttp/yahttp/reqresp.cpp

index a96def6e0d07ea81e6c2f184915f24e916e5fd21..e128dad4d7cb4d35e0ffadacb2b6acc6964025f7 100644 (file)
--- a/ext/yahttp/yahttp/reqresp.cpp
+++ b/ext/yahttp/yahttp/reqresp.cpp
@@ -40,7 +40,19 @@ namespace YaHTTP {
    }
  
    template <class T>
-  bool AsyncLoader<T>::feed(const std::string& somedata) {
+  bool AsyncLoader<T>::feed(const std::string& somedata)
+  {
+    if (state < 2) {
+      headersize += somedata.length(); // maye include some body data, we don't know yet...
+      if (headersize > target->max_header_size) {
+        if (target->kind == YAHTTP_TYPE_REQUEST) {
+          throw ParseError("Request header too large");
+        }
+        else {
+          throw ParseError("Response header too large");
+        }
+      }
+    }
      buffer.append(somedata);
      while(state < 2) {
        int cr=0;
@@ -155,8 +167,8 @@ namespace YaHTTP {
          maxbody = minbody;
        }
        if (minbody < 1) return true; // guess there isn't anything left.
-      if (target->kind == YAHTTP_TYPE_REQUEST && static_cast<ssize_t>(minbody) > target->max_request_size) throw ParseError("Max request body size exceeded");
-      else if (target->kind == YAHTTP_TYPE_RESPONSE && static_cast<ssize_t>(minbody) > target->max_response_size) throw ParseError("Max response body size exceeded");
+      if (target->kind == YAHTTP_TYPE_REQUEST && minbody > target->max_request_size) throw ParseError("Max request body size exceeded");
+      else if (target->kind == YAHTTP_TYPE_RESPONSE && minbody > target->max_response_size) throw ParseError("Max response body size exceeded");
      }
  
      if (maxbody == 0) hasBody = false;
diff --git a/ext/yahttp/yahttp/reqresp.hpp b/ext/yahttp/yahttp/reqresp.hpp

index e420c24a153ba20487db5b6bf674d6a6438a85fd..180b2d7bb5431bab4c45a4d34c0ea69b68273fd6 100644 (file)
--- a/ext/yahttp/yahttp/reqresp.hpp
+++ b/ext/yahttp/yahttp/reqresp.hpp
@@ -20,6 +20,10 @@ namespace funcptr = boost;
  
  #include <algorithm>
  
+#ifndef YAHTTP_MAX_HEADER_SIZE
+#define YAHTTP_MAX_HEADER_SIZE (100 * 1024)
+#endif
+
  #ifndef YAHTTP_MAX_REQUEST_SIZE
  #define YAHTTP_MAX_REQUEST_SIZE 2097152
  #endif
@@ -108,6 +112,7 @@ namespace YaHTTP {
  #endif
        max_request_size = YAHTTP_MAX_REQUEST_SIZE;
        max_response_size = YAHTTP_MAX_RESPONSE_SIZE;
+      max_header_size = YAHTTP_MAX_HEADER_SIZE;
        url = "";
        method = "";
        statusText = "";
@@ -130,6 +135,7 @@ protected:
        this->parameters = rhs.parameters; this->getvars = rhs.getvars;
        this->body = rhs.body; this->max_request_size = rhs.max_request_size;
        this->max_response_size = rhs.max_response_size; this->version = rhs.version;
+      this->max_header_size = rhs.max_header_size;
  #ifdef HAVE_CPP_FUNC_PTR
        this->renderer = rhs.renderer;
  #endif
@@ -143,6 +149,7 @@ protected:
        this->parameters = rhs.parameters; this->getvars = rhs.getvars;
        this->body = rhs.body; this->max_request_size = rhs.max_request_size;
        this->max_response_size = rhs.max_response_size; this->version = rhs.version;
+      this->max_header_size = rhs.max_header_size;
  #ifdef HAVE_CPP_FUNC_PTR
        this->renderer = rhs.renderer;
  #endif
@@ -166,8 +173,9 @@ public:
  
      std::string body; //<! the actual content
  
-    ssize_t max_request_size; //<! maximum size of request
-    ssize_t max_response_size;  //<! maximum size of response
+    size_t max_request_size; //<! maximum size of request
+    size_t max_response_size; //<! maximum size of response
+    size_t max_header_size; //<! maximum size of headers
      bool is_multipart; //<! if the request is multipart, prevents Content-Length header
  #ifdef HAVE_CPP_FUNC_PTR
      funcptr::function<size_t(const HTTPBase*,std::ostream&,bool)> renderer; //<! rendering function
@@ -305,6 +313,7 @@ public:
      std::ostringstream bodybuf; //<! buffer for body
      size_t maxbody; //<! maximum size of body
      size_t minbody; //<! minimum size of body
+    size_t headersize;                 
      bool hasBody; //<! are we expecting body
  
      void keyValuePair(const std::string &keyvalue, std::string &key, std::string &value); //<! key value pair parser helper
@@ -315,6 +324,7 @@ public:
        pos = 0; state = 0; this->target = target_;
        hasBody = false;
        buffer = "";
+      headersize = 0;
        this->target->initialize();
      }; //<! Initialize the parser for target and clear state
      bool feed(const std::string& somedata); //<! Feed data to the parser
author	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Tue, 10 Mar 2026 09:36:27 +0000 (10:36 +0100)
committer	Otto Moerbeek <otto.moerbeek@open-xchange.com>
	Wed, 11 Mar 2026 09:09:05 +0000 (10:09 +0100)
ext/yahttp/yahttp/reqresp.cpp		patch \| blob \| blame \| history
ext/yahttp/yahttp/reqresp.hpp		patch \| blob \| blame \| history