From: Michael Friedrich <michael.friedrich@icinga.com>
Date: Wed, 6 Jun 2018 18:23:14 +0000 (+0200)
Subject: Increase header size to 8KB for HTTP requests
X-Git-Tag: v2.9.0~40^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=refs%2Fpull%2F6357%2Fhead;p=icinga2

Increase header size to 8KB for HTTP requests

This is the default for Tomcat and Apache too
and avoids problems with cookies and long URLs.

fixes #6355
---

diff --git a/doc/12-icinga2-api.md b/doc/12-icinga2-api.md
index d427505ad..c029aee0e 100644
--- a/doc/12-icinga2-api.md
+++ b/doc/12-icinga2-api.md
@@ -83,6 +83,8 @@ All requests apart from `GET` require that the following `Accept` header is set:
 
 Each URL is prefixed with the API version (currently "/v1").
 
+HTTP header size is limited to 8KB.
+
 ### Responses <a id="icinga2-api-responses"></a>
 
 Successful requests will send back a response body containing a `results`
diff --git a/lib/remote/httprequest.cpp b/lib/remote/httprequest.cpp
index 55d6f0a3f..f698b2101 100644
--- a/lib/remote/httprequest.cpp
+++ b/lib/remote/httprequest.cpp
@@ -46,14 +46,20 @@ bool HttpRequest::ParseHeaders(StreamReadContext& src, bool may_wait)
 	StreamReadStatus srs = m_Stream->ReadLine(&line, src, may_wait);
 
 	if (srs != StatusNewItem) {
-		if (src.Size > 512)
+		if (src.Size > 8 * 1024)
 			BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
 
 		return false;
 	}
 
-	if (line.GetLength() > 512)
+	if (line.GetLength() > 8 * 1024) {
+#ifdef I2_DEBUG /* I2_DEBUG */
+		Log(LogDebug, "HttpRequest")
+			<< "Header size: " << line.GetLength() << " content: '" << line << "'.";
+#endif /* I2_DEBUG */
+
 		BOOST_THROW_EXCEPTION(std::invalid_argument("Line length for HTTP header exceeded"));
+	}
 
 	if (m_State == HttpRequestStart) {
 		/* ignore trailing new-lines */