Send a 413 if header_recv buffer is full. - kore - Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.

commit 783cc6cd4c11835e7edd5795e73baeb5990bcfb6
parent 80db912c349259059993574c3aa080367abeb3a6
Author: Joris Vink <joris@coders.se>
Date:   Wed,  7 Sep 2022 12:41:38 +0200

Send a 413 if header_recv buffer is full.

Kore used to just stall the connection until the timeout kicked
in, but if no proper headers were received by the time the header
buffer is full we should just error out.

While here, use s_off for the inital length check.

Diffstat:
src/http.c  | 10 ++++++++--

1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/http.c b/src/http.c
@@ -799,7 +799,7 @@ http_header_recv(struct netbuf *nb)
 
 	c = nb->owner;
 
-	if (nb->b_len < 4)
+	if (nb->s_off < 4)
 		return (KORE_RESULT_OK);
 
 	if (!isalpha(nb->buf[0])) {
@@ -811,8 +811,14 @@ http_header_recv(struct netbuf *nb)
 	end_headers = kore_mem_find(nb->buf, nb->s_off, "\r\n\r\n", 4);
 	if (end_headers == NULL) {
 		end_headers = kore_mem_find(nb->buf, nb->s_off, "\n\n", 2);
-		if (end_headers == NULL)
+		if (end_headers == NULL) {
+			if (nb->s_off == http_header_max) {
+				http_error_response(c,
+				    HTTP_STATUS_REQUEST_ENTITY_TOO_LARGE);
+				return (KORE_RESULT_ERROR);
+			}
 			return (KORE_RESULT_OK);
+		}
 		skip = 2;
 	}

	kore Kore is a web application platform for writing scalable, concurrent web based processes in C or Python.
	Commits \| Files \| Refs \| README \| LICENSE \| git clone https://git.kore.io/kore.git