dany/ant-http
1
0
Fork 0
mirror of https://github.com/lxsang/ant-http synced 2024-11-16 00:28:21 +01:00
Code Issues Actions Projects Releases Wiki Activity

limit header size

Browse Source
This commit is contained in:
lxsang 2020-08-27 13:31:40 +02:00
parent 56806fb25b
commit 806a7ccc6a
3 changed files with 126 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
dist/antd-1.0.5b.tar.gz vendored
View File

Binary file not shown.

30
http_server.c
View File

@ -18,6 +18,8 @@
#include "lib/ini.h" #include "lib/ini.h"
#include "lib/base64.h" #include "lib/base64.h"
#define HEADER_MAX_SIZE 8192
//define all basic mime here //define all basic mime here
static mime_t _mimes[] = { static mime_t _mimes[] = {
{"image/bmp", "bmp"}, {"image/bmp", "bmp"},
@ -35,9 +37,7 @@ static mime_t _mimes[] = {
{"application/xhtml+xml", "xhtml"}, {"application/xhtml+xml", "xhtml"},
{"application/xml", "xml"}, {"application/xml", "xml"},
{"image/svg+xml", "svg"}, {"image/svg+xml", "svg"},
{NULL,NULL} {NULL, NULL}};
};
static pthread_mutex_t server_mux = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t server_mux = PTHREAD_MUTEX_INITIALIZER;
config_t server_config; config_t server_config;
@ -727,6 +727,8 @@ void *decode_request_header(void *data)
char *query = NULL; char *query = NULL;
char *host = NULL; char *host = NULL;
char buf[2 * BUFFLEN]; char buf[2 * BUFFLEN];
int header_size = 0;
int ret;
char *url = (char *)dvalue(rq->request, "REQUEST_QUERY"); char *url = (char *)dvalue(rq->request, "REQUEST_QUERY");
dictionary_t xheader = dvalue(rq->request, "REQUEST_HEADER"); dictionary_t xheader = dvalue(rq->request, "REQUEST_HEADER");
dictionary_t request = dvalue(rq->request, "REQUEST_DATA"); dictionary_t request = dvalue(rq->request, "REQUEST_DATA");
@ -734,8 +736,10 @@ void *decode_request_header(void *data)
port_config_t *pcnf = (port_config_t *)dvalue(server_config.ports, port_s); port_config_t *pcnf = (port_config_t *)dvalue(server_config.ports, port_s);
// first real all header // first real all header
// this for check if web socket is enabled // this for check if web socket is enabled
while ((read_buf(rq->client, buf, sizeof(buf))) && strcmp("\r\n", buf))
while ((( ret = read_buf(rq->client, buf, sizeof(buf))) > 0) && strcmp("\r\n", buf))
{ {
header_size += ret;
line = buf; line = buf;
trim(line, '\n'); trim(line, '\n');
trim(line, '\r'); trim(line, '\r');
@ -759,6 +763,11 @@ void *decode_request_header(void *data)
{ {
host = strdup(line); host = strdup(line);
} }
if(header_size > HEADER_MAX_SIZE)
{
antd_error(rq->client, 413, "Payload Too Large");
return antd_create_task(NULL, (void *)rq, NULL, rq->client->last_io);
}
} }
// check for content length size // check for content length size
line = (char *)dvalue(xheader, "Content-Length"); line = (char *)dvalue(xheader, "Content-Length");
@ -999,7 +1008,8 @@ void *decode_multi_part_request(void *data, const char *ctype)
trim(boundary, ' '); trim(boundary, ' ');
dput(rq->request, "MULTI_PART_BOUNDARY", strdup(boundary)); dput(rq->request, "MULTI_PART_BOUNDARY", strdup(boundary));
//find first boundary //find first boundary
while (( (len = read_buf(rq->client, line, sizeof(line))) > 0 ) && !strstr(line, boundary)); while (((len = read_buf(rq->client, line, sizeof(line))) > 0) && !strstr(line, boundary))
;
if (len > 0) if (len > 0)
{ {
task->handle = decode_multi_part_request_data; task->handle = decode_multi_part_request_data;
@ -1026,7 +1036,9 @@ void *decode_multi_part_request_data(void *data)
char *boundary = (char *)dvalue(rq->request, "MULTI_PART_BOUNDARY"); char *boundary = (char *)dvalue(rq->request, "MULTI_PART_BOUNDARY");
dictionary_t dic = (dictionary_t)dvalue(rq->request, "REQUEST_DATA"); dictionary_t dic = (dictionary_t)dvalue(rq->request, "REQUEST_DATA");
// search for content disposition: // search for content disposition:
while ( ( (len = read_buf(rq->client, buf, sizeof(buf))) > 0 ) && !strstr(buf, "Content-Disposition:"));; while (((len = read_buf(rq->client, buf, sizeof(buf))) > 0) && !strstr(buf, "Content-Disposition:"))
;
;
if (len <= 0 || !strstr(buf, "Content-Disposition:")) if (len <= 0 || !strstr(buf, "Content-Disposition:"))
{ {
@ -1064,7 +1076,9 @@ void *decode_multi_part_request_data(void *data)
if (part_name != NULL) if (part_name != NULL)
{ {
// go to the beginning of data bock // go to the beginning of data bock
while ((len = read_buf(rq->client, buf, sizeof(buf))) > 0 && strcmp(buf, "\r\n") != 0);; while ((len = read_buf(rq->client, buf, sizeof(buf))) > 0 && strcmp(buf, "\r\n") != 0)
;
;
if (part_file == NULL) if (part_file == NULL)
{ {
@ -1088,7 +1102,6 @@ void *decode_multi_part_request_data(void *data)
{ {
line = buf; line = buf;
} }
} }
else else
{ {
@ -1288,7 +1301,6 @@ dictionary_t mimes_list()
return server_config.mimes; return server_config.mimes;
} }
void dbdir(char *dest) void dbdir(char *dest)
{ {
strncpy(dest, server_config.db_path, 512); strncpy(dest, server_config.db_path, 512);