Add HTTP Header size limits
authorGunnar Beutner <gunnar.beutner@icinga.com>
Wed, 31 Jan 2018 08:05:06 +0000 (09:05 +0100)
committerJean Flach <jean-marcel.flach@icinga.com>
Tue, 20 Feb 2018 12:32:04 +0000 (13:32 +0100)
lib/remote/httprequest.cpp

index b85a3d0ecc4aa857df8464b11f0150c4a46bd6ec..11480d86aabbd395f65802cac1583e3ea259a358 100644 (file)
@@ -41,8 +41,15 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
                String line;
                StreamReadStatus srs = m_Stream->ReadLine(&line, src, may_wait);
 
-               if (srs != StatusNewItem)
+               if (srs != StatusNewItem) {
+                       if (src.Size > 512)
+                               BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
+
                        return false;
+               }
+
+               if (line.GetLength() > 512)
+                       BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
 
                if (m_State == HttpRequestStart) {
                        /* ignore trailing new-lines */
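Review bot: The 512-byte cap is checked before the `m_State == HttpRequestStart` branch, so it applies to the request line as well as to header lines. A request with a long URL or query string would therefore be rejected, with a message that speaks only of a header. If that is intended, a comment above the check should say so; otherwise the request line probably wants its own, larger limit. The literal `512` and the exception text also appear twice, and a named constant (for example `static const size_t l_MaxLineLength = 512;`) would keep the two checks in step. Whether `src.Size` counts only the bytes of the unfinished line cannot be seen here and is worth confirming; Parse's body starts and ends outside the hunk.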
@@ -79,6 +86,9 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
                                return true;
 
                        } else {
+                               if (Headers->GetLength() > 128)
+                                       BOOST_THROW_EXCEPTION(std::invalid_argument("Maximum number of HTTP request headers exceeded"));
+
                                String::SizeType pos = line.FindFirstOf(":");
                                if (pos == String::NPos)
                                        BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP request"));
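Review bot: The new guard at the top of the `else` branch runs before the header is stored and uses `>`, so a 129th entry is still accepted; `if (Headers->GetLength() >= 128)` would enforce the stated maximum of 128. The check also counts entries in `Headers` rather than header lines read. If `Headers` is keyed by name and a repeated name overwrites the earlier value (the insertion is outside this hunk, so this is an assumption), a client could send any number of lines with the same name without reaching the limit. A per-request line counter, or a cap on total header bytes, would bound that case. The literal `128` would also read better as a named constant.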