nghttp: Limit incoming header field buffer
This commit is contained in:
Tatsuhiro Tsujikawa
parent
b2264ad57e
commit
ff22862b9d
|
|
@ -155,6 +155,7 @@ Request::Request(const std::string &uri, const http_parser_url &u,
|
||||||
inflater(nullptr),
|
inflater(nullptr),
|
||||||
html_parser(nullptr),
|
html_parser(nullptr),
|
||||||
data_prd(data_prd),
|
data_prd(data_prd),
|
||||||
|
header_buffer_size(0),
|
||||||
stream_id(-1),
|
stream_id(-1),
|
||||||
status(0),
|
status(0),
|
||||||
level(level),
|
level(level),
|
||||||
|
|
@ -1736,6 +1737,14 @@ int on_header_callback(nghttp2_session *session, const nghttp2_frame *frame,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (req->header_buffer_size + namelen + valuelen > 64_k) {
|
||||||
|
nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE, frame->hd.stream_id,
|
||||||
|
NGHTTP2_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
req->header_buffer_size += namelen + valuelen;
|
||||||
|
|
||||||
auto token = http2::lookup_token(name, namelen);
|
auto token = http2::lookup_token(name, namelen);
|
||||||
|
|
||||||
http2::index_header(req->res_hdidx, token, req->res_nva.size());
|
http2::index_header(req->res_hdidx, token, req->res_nva.size());
|
||||||
|
|
@ -1751,6 +1760,15 @@ int on_header_callback(nghttp2_session *session, const nghttp2_frame *frame,
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (req->header_buffer_size + namelen + valuelen > 64_k) {
|
||||||
|
nghttp2_submit_rst_stream(session, NGHTTP2_FLAG_NONE,
|
||||||
|
frame->push_promise.promised_stream_id,
|
||||||
|
NGHTTP2_INTERNAL_ERROR);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
req->header_buffer_size += namelen + valuelen;
|
||||||
|
|
||||||
auto token = http2::lookup_token(name, namelen);
|
auto token = http2::lookup_token(name, namelen);
|
||||||
|
|
||||||
http2::index_header(req->req_hdidx, token, req->req_nva.size());
|
http2::index_header(req->req_hdidx, token, req->req_nva.size());
|
||||||
|
|
@ -1838,6 +1856,10 @@ int on_frame_recv_callback2(nghttp2_session *session,
|
||||||
if (!req) {
|
if (!req) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Reset for response header field reception
|
||||||
|
req->header_buffer_size = 0;
|
||||||
|
|
||||||
auto scheme = req->get_req_header(http2::HD__SCHEME);
|
auto scheme = req->get_req_header(http2::HD__SCHEME);
|
||||||
auto authority = req->get_req_header(http2::HD__AUTHORITY);
|
auto authority = req->get_req_header(http2::HD__AUTHORITY);
|
||||||
auto path = req->get_req_header(http2::HD__PATH);
|
auto path = req->get_req_header(http2::HD__PATH);
|
||||||
|
|
|
||||||
|
|
@ -150,6 +150,7 @@ struct Request {
|
||||||
nghttp2_gzip *inflater;
|
nghttp2_gzip *inflater;
|
||||||
HtmlParser *html_parser;
|
HtmlParser *html_parser;
|
||||||
const nghttp2_data_provider *data_prd;
|
const nghttp2_data_provider *data_prd;
|
||||||
|
size_t header_buffer_size;
|
||||||
int32_t stream_id;
|
int32_t stream_id;
|
||||||
int status;
|
int status;
|
||||||
// Recursion level: 0: first entity, 1: entity linked from first entity
|
// Recursion level: 0: first entity, 1: entity linked from first entity
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue