|
 |
93e6fe |
diff -up http-parser-2.7.1/http_parser.c.cve http-parser-2.7.1/http_parser.c
|
|
|
93e6fe |
--- http-parser-2.7.1/http_parser.c.cve 2019-03-22 22:33:28.577238523 +0100
|
|
|
93e6fe |
+++ http-parser-2.7.1/http_parser.c 2019-03-22 22:35:12.237323250 +0100
|
|
|
93e6fe |
@@ -29,6 +29,8 @@
|
|
|
93e6fe |
#include <string.h>
|
|
|
93e6fe |
#include <limits.h>
|
|
|
93e6fe |
|
|
|
93e6fe |
+static uint32_t max_header_size = HTTP_MAX_HEADER_SIZE;
|
|
|
93e6fe |
+
|
|
|
93e6fe |
#ifndef ULLONG_MAX
|
|
|
93e6fe |
# define ULLONG_MAX ((uint64_t) -1) /* 2^64-1 */
|
|
|
93e6fe |
#endif
|
|
|
93e6fe |
@@ -141,20 +143,20 @@ do {
|
|
|
93e6fe |
} while (0)
|
|
|
93e6fe |
|
|
|
93e6fe |
/* Don't allow the total size of the HTTP headers (including the status
|
|
|
93e6fe |
- * line) to exceed HTTP_MAX_HEADER_SIZE. This check is here to protect
|
|
|
93e6fe |
+ * line) to exceed max_header_size. This check is here to protect
|
|
|
93e6fe |
* embedders against denial-of-service attacks where the attacker feeds
|
|
|
93e6fe |
* us a never-ending header that the embedder keeps buffering.
|
|
|
93e6fe |
*
|
|
|
93e6fe |
* This check is arguably the responsibility of embedders but we're doing
|
|
|
93e6fe |
* it on the embedder's behalf because most won't bother and this way we
|
|
|
93e6fe |
- * make the web a little safer. HTTP_MAX_HEADER_SIZE is still far bigger
|
|
|
93e6fe |
+ * make the web a little safer. max_header_size is still far bigger
|
|
|
93e6fe |
* than any reasonable request or response so this should never affect
|
|
|
93e6fe |
* day-to-day operation.
|
|
|
93e6fe |
*/
|
|
|
93e6fe |
#define COUNT_HEADER_SIZE(V) \
|
|
|
93e6fe |
do { \
|
|
|
93e6fe |
parser->nread += (V); \
|
|
|
93e6fe |
- if (UNLIKELY(parser->nread > (HTTP_MAX_HEADER_SIZE))) { \
|
|
|
93e6fe |
+ if (UNLIKELY(parser->nread > (max_header_size))) { \
|
|
|
93e6fe |
SET_ERRNO(HPE_HEADER_OVERFLOW); \
|
|
|
93e6fe |
goto error; \
|
|
|
93e6fe |
} \
|
|
|
93e6fe |
@@ -1538,7 +1540,7 @@ reexecute:
|
|
|
93e6fe |
const char* p_lf;
|
|
|
93e6fe |
size_t limit = data + len - p;
|
|
|
93e6fe |
|
|
|
93e6fe |
- limit = MIN(limit, HTTP_MAX_HEADER_SIZE);
|
|
|
93e6fe |
+ limit = MIN(limit, max_header_size);
|
|
|
93e6fe |
|
|
|
93e6fe |
p_cr = (const char*) memchr(p, CR, limit);
|
|
|
93e6fe |
p_lf = (const char*) memchr(p, LF, limit);
|
|
|
93e6fe |
@@ -2468,3 +2470,8 @@ http_parser_version(void) {
|
|
|
93e6fe |
HTTP_PARSER_VERSION_MINOR * 0x00100 |
|
|
|
93e6fe |
HTTP_PARSER_VERSION_PATCH * 0x00001;
|
|
|
93e6fe |
}
|
|
|
93e6fe |
+
|
|
|
93e6fe |
+void
|
|
|
93e6fe |
+http_parser_set_max_header_size(uint32_t size) {
|
|
|
93e6fe |
+ max_header_size = size;
|
|
|
93e6fe |
+}
|
|
|
93e6fe |
diff -up http-parser-2.7.1/http_parser.h.cve http-parser-2.7.1/http_parser.h
|
|
|
93e6fe |
--- http-parser-2.7.1/http_parser.h.cve 2019-03-22 22:33:37.133245016 +0100
|
|
|
93e6fe |
+++ http-parser-2.7.1/http_parser.h 2019-03-22 22:34:03.640265140 +0100
|
|
|
93e6fe |
@@ -426,6 +426,9 @@ void http_parser_pause(http_parser *pars
|
|
|
93e6fe |
/* Checks if this is the final chunk of the body. */
|
|
|
93e6fe |
int http_body_is_final(const http_parser *parser);
|
|
|
93e6fe |
|
|
|
93e6fe |
+/* Change the maximum header size provided at compile time. */
|
|
|
93e6fe |
+void http_parser_set_max_header_size(uint32_t size);
|
|
|
93e6fe |
+
|
|
|
93e6fe |
#ifdef __cplusplus
|
|
|
93e6fe |
}
|
|
|
93e6fe |
#endif
|