forked/hyper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #191 from reem/max-header-lengths

Browse Source 
(fix) Harden header parsing against memory exhaustion attacks.
This commit is contained in:
Sean McArthur
2014-12-11 20:31:44 -08:00
parent 7f931845cc b1ab03f7f8
commit 1d7ec47807
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/http.rs
View File

@@ -486,6 +486,9 @@ pub fn read_http_version<R: Reader>(stream: &mut R) -> HttpResult<HttpVersion> {
} }
} }
const MAX_HEADER_NAME_LENGTH: uint = 100;
const MAX_HEADER_FIELD_LENGTH: uint = 1000;
/// The raw bytes when parsing a header line. /// The raw bytes when parsing a header line.
/// ///
/// A String and Vec<u8>, divided by COLON (`:`). The String is guaranteed /// A String and Vec<u8>, divided by COLON (`:`). The String is guaranteed
@@ -525,7 +528,10 @@ pub fn read_header<R: Reader>(stream: &mut R) -> HttpResult<Option<RawHeaderLine
} }
}, },
b':' => break, b':' => break,
b if is_token(b) => name.push(b as char), b if is_token(b) => {
if name.len() > MAX_HEADER_NAME_LENGTH { return Err(HttpHeaderError); }
name.push(b as char)
},
_nontoken => return Err(HttpHeaderError) _nontoken => return Err(HttpHeaderError)
}; };
} }
@@ -542,6 +548,7 @@ pub fn read_header<R: Reader>(stream: &mut R) -> HttpResult<Option<RawHeaderLine
b' ' if ows => {}, b' ' if ows => {},
b => { b => {
ows = false; ows = false;
if value.len() > MAX_HEADER_FIELD_LENGTH { return Err(HttpHeaderError); }
value.push(b) value.push(b)
} }
}; };