author | Eric Wong <e@80x24.org> | 2016-03-06 02:09:20 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2016-03-06 02:10:24 +0000 |
commit | 90d7c7c49b6af90624cca042deb9af38a5e44a2f (patch) | |
tree | eddafbb842a13af8539c80c7e5cd84d0b4f36a4a /lib | |
parent | 2ea979f43ec87547b7dfb74312a21062044d018a (diff) | |
download | public-inbox-90d7c7c49b6af90624cca042deb9af38a5e44a2f.tar.gz |
HTTP::Parser::XS::PP does not reject excessively large headers like the XS version. Ensure we reject headers over 16K since public-inbox should never need such large request headers.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/PublicInbox/HTTP.pm | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm
index 6c4c20d7..8988e7d2 100644
--- a/lib/PublicInbox/HTTP.pm
+++ b/lib/PublicInbox/HTTP.pm
@@ -70,7 +70,11 @@ sub rbuf_process {
 # We do not support Trailers in chunked requests, for now
 # (they are rarely-used and git (as of 2.7.2) does not use them)
- return quit($self, 400) if $r == -1 || $env{HTTP_TRAILER};
+ if ($r == -1 || $env{HTTP_TRAILER} ||
+ # this length-check is necessary for PURE_PERL=1:
+ ($r == -2 && length($self->{rbuf}) > 0x4000)) {
+ return quit($self, 400);
+ }
 return $self->watch_read(1) if $r < 0; # incomplete
 $self->{rbuf} = substr($self->{rbuf}, $r); |
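Review bot: The 16K bound in the new condition applies only while the parse is still incomplete (`$r == -2`), so under the pure-Perl parser a header that completes on the same read that takes `$self->{rbuf}` past 0x4000 is still accepted. How far past depends on the read size, which is set outside this hunk. If the intent is a hard cap regardless of parser, the consumed length could be tested as well, for example by adding `|| $r > 0x4000` to the condition. This assumes no legitimate client sends headers that large, as the commit message states. The literal `0x4000` would also read better as a named constant with a comment tying it to the 16K limit, since the value only makes sense next to the commit message. `rbuf_process` begins and ends outside the hunk, so the parser call and the read path were not reviewed.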