Add HTTP Header size limits
authorGunnar Beutner <gunnar.beutner@icinga.com>
Wed, 31 Jan 2018 08:05:06 +0000 (09:05 +0100)
committerJean Flach <jean-marcel.flach@icinga.com>
Fri, 23 Feb 2018 07:31:28 +0000 (08:31 +0100)
lib/remote/httprequest.cpp

index 0a2f161abd62cbe3e32dc7ebd5a7d0dd7775c48f..b29088092e05dcc395132877115ccc741e07410b 100644 (file)
@@ -45,8 +45,15 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
                String line;
                StreamReadStatus srs = m_Stream->ReadLine(&line, src, may_wait);
 
-               if (srs != StatusNewItem)
+               if (srs != StatusNewItem) {
+                       if (src.Size > 512)
+                               BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
+
                        return false;
+               }
+
+               if (line.GetLength() > 512)
+                       BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
 
                if (m_State == HttpRequestStart) {
                        /* ignore trailing new-lines */
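Review bot: The `line.GetLength() > 512` check sits ahead of the `m_State == HttpRequestStart` branch, so the cap also applies to the request line, not only to header lines as the exception text says. A request with a long URL or query string would be rejected with a misleading message, so either reword it (e.g. `"Line length for HTTP request exceeded"`) or give the request line its own, larger limit. The literal 512 and the message text are repeated in both checks; one named constant such as `static const String::SizeType l_MaxHttpLineLength = 512;` would keep them in step. The `src.Size > 512` test runs only after `ReadLine` has returned, so how far an unterminated line can grow the buffer before the check trips depends on `ReadLine`, which is outside this hunk, as are the start and end of `Parse`.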
@@ -84,6 +91,9 @@ bool HttpRequest::Parse(StreamReadContext& src, bool may_wait)
                                return true;
 
                        } else {
+                               if (Headers->GetLength() > 128)
+                                       BOOST_THROW_EXCEPTION(std::invalid_argument("Maximum number of HTTP request headers exceeded"));
+
                                String::SizeType pos = line.FindFirstOf(":");
                                if (pos == String::NPos)
                                        BOOST_THROW_EXCEPTION(std::invalid_argument("Invalid HTTP request"));
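Review bot: The guard `Headers->GetLength() > 128` runs before the new header is stored, so a request can end up holding 129 entries; `if (Headers->GetLength() >= 128)` enforces the maximum the message states. The test also counts stored entries rather than header lines read. If `Headers` is keyed by header name (the store is outside this hunk), repeated names would never raise the count and a peer could keep sending header lines without reaching the limit, so a per-request counter of parsed lines would be a firmer bound. 128 would read better as a named constant alongside the line-length limit.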