nodejs/http-parser
1
0
Fork 0
mirror of https://github.com/nodejs/http-parser.git synced 2025-10-21 23:52:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

src: tighten header field/value loops

Browse Source
This commit is contained in:
Fedor Indutny
2014-11-28 23:08:52 +03:00
parent 6132d1fefa
commit 0cb0ee672c
1 changed files with 129 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
http_parser.c
View File

@@ -128,6 +128,26 @@ do { \
} \ } \
} while (0) } while (0)
/* Don't allow the total size of the HTTP headers (including the status
* line) to exceed HTTP_MAX_HEADER_SIZE. This check is here to protect
* embedders against denial-of-service attacks where the attacker feeds
* us a never-ending header that the embedder keeps buffering.
*
* This check is arguably the responsibility of embedders but we're doing
* it on the embedder's behalf because most won't bother and this way we
* make the web a little safer. HTTP_MAX_HEADER_SIZE is still far bigger
* than any reasonable request or response so this should never affect
* day-to-day operation.
*/
#define COUNT_HEADER_SIZE(V) \
do { \
parser->nread += (V); \
if (parser->nread > (HTTP_MAX_HEADER_SIZE)) { \
SET_ERRNO(HPE_HEADER_OVERFLOW); \
goto error; \
} \
} while (0)
#define PROXY_CONNECTION "proxy-connection" #define PROXY_CONNECTION "proxy-connection"
#define CONNECTION "connection" #define CONNECTION "connection"
@@ -655,24 +675,8 @@ size_t http_parser_execute (http_parser *parser,
for (p=data; p != data + len; p++) { for (p=data; p != data + len; p++) {
ch = *p; ch = *p;
if (PARSING_HEADER(CURRENT_STATE())) { if (PARSING_HEADER(CURRENT_STATE()))
++parser->nread; COUNT_HEADER_SIZE(1);
/* Don't allow the total size of the HTTP headers (including the status
* line) to exceed HTTP_MAX_HEADER_SIZE. This check is here to protect
* embedders against denial-of-service attacks where the attacker feeds
* us a never-ending header that the embedder keeps buffering.
*
* This check is arguably the responsibility of embedders but we're doing
* it on the embedder's behalf because most won't bother and this way we
* make the web a little safer. HTTP_MAX_HEADER_SIZE is still far bigger
* than any reasonable request or response so this should never affect
* day-to-day operation.
*/
if (parser->nread > (HTTP_MAX_HEADER_SIZE)) {
SET_ERRNO(HPE_HEADER_OVERFLOW);
goto error;
}
}
reexecute_byte: reexecute_byte:
switch (CURRENT_STATE()) { switch (CURRENT_STATE()) {
@@ -1293,9 +1297,14 @@ size_t http_parser_execute (http_parser *parser,
case s_header_field: case s_header_field:
{ {
const char* start = p;
for (; p != data + len; p++) {
ch = *p;
c = TOKEN(ch); c = TOKEN(ch);
if (c) { if (!c)
break;
switch (parser->header_state) { switch (parser->header_state) {
case h_general: case h_general:
break; break;
@@ -1396,6 +1405,12 @@ size_t http_parser_execute (http_parser *parser,
assert(0 && "Unknown header_state"); assert(0 && "Unknown header_state");
break; break;
} }
}
COUNT_HEADER_SIZE(p - start);
if (p == data + len) {
--p;
break; break;
} }
@@ -1478,7 +1493,9 @@ size_t http_parser_execute (http_parser *parser,
case s_header_value: case s_header_value:
{ {
const char* start = p;
for (; p != data + len; p++) {
ch = *p;
if (ch == CR) { if (ch == CR) {
UPDATE_STATE(s_header_almost_done); UPDATE_STATE(s_header_almost_done);
CALLBACK_DATA(header_value); CALLBACK_DATA(header_value);
@@ -1487,6 +1504,7 @@ size_t http_parser_execute (http_parser *parser,
if (ch == LF) { if (ch == LF) {
UPDATE_STATE(s_header_almost_done); UPDATE_STATE(s_header_almost_done);
COUNT_HEADER_SIZE(p - start);
CALLBACK_DATA_NOADVANCE(header_value); CALLBACK_DATA_NOADVANCE(header_value);
goto reexecute_byte; goto reexecute_byte;
} }
@@ -1570,6 +1588,12 @@ size_t http_parser_execute (http_parser *parser,
parser->header_state = h_general; parser->header_state = h_general;
break; break;
} }
}
COUNT_HEADER_SIZE(p - start);
if (p == data + len)
--p;
break; break;
} }