net-misc/curl/files/curl-8.1.0-header-length.patch - third_party/overlays/portage-stable - Git at Google

 https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch
 From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
 Date: Thu, 18 May 2023 18:22:57 +0200
 Subject: [PATCH] http2: double http request parser max line length

 This works around #11138, by doubling the limit, and should be a
 relatively safe fix.

 Ideally the buffer would grow as needed and there would be no need for a
 limit? But that might be follow-up material.

 Fixes #11138
 Closes #11139
 ---
  lib/http1.h             | 2 ++
  lib/http2.c             | 2 +-
  lib/vquic/curl_msh3.c   | 2 +-
  lib/vquic/curl_ngtcp2.c | 2 +-
  lib/vquic/curl_quiche.c | 2 +-
  5 files changed, 6 insertions(+), 4 deletions(-)

 diff --git a/lib/http1.h b/lib/http1.h
 index c2d107587a6f8..8acb9db401a95 100644
 --- a/lib/http1.h
 +++ b/lib/http1.h
 @@ -33,6 +33,8 @@
  #define H1_PARSE_OPT_NONE       (0)
  #define H1_PARSE_OPT_STRICT     (1 << 0)

 +#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
 +
  struct h1_req_parser {
    struct http_req *req;
    struct bufq scratch;
 diff --git a/lib/http2.c b/lib/http2.c
 index 47e6f71393156..4e3b182b8d815 100644
 --- a/lib/http2.c
 +++ b/lib/http2.c
 @@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
    nghttp2_priority_spec pri_spec;
    ssize_t nwritten;

 -  Curl_h1_req_parse_init(&h1, (4*1024));
 +  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
    Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

    *err = http2_data_setup(cf, data, &stream);
 diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
 index 40e89379fc402..173886739b6dc 100644
 --- a/lib/vquic/curl_msh3.c
 +++ b/lib/vquic/curl_msh3.c
 @@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,

    CF_DATA_SAVE(save, cf, data);

 -  Curl_h1_req_parse_init(&h1, (4*1024));
 +  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
    Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

    /* Sizes must match for cast below to work" */
 diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
 index 05f960afdffa1..7794f148c6ec9 100644
 --- a/lib/vquic/curl_ngtcp2.c
 +++ b/lib/vquic/curl_ngtcp2.c
 @@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
    nghttp3_data_reader reader;
    nghttp3_data_reader *preader = NULL;

 -  Curl_h1_req_parse_init(&h1, (4*1024));
 +  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
    Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

    *err = h3_data_setup(cf, data);
 diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
 index 392b9beb83c59..c63e8e10a22e0 100644
 --- a/lib/vquic/curl_quiche.c
 +++ b/lib/vquic/curl_quiche.c
 @@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
      DEBUGASSERT(stream);
    }

 -  Curl_h1_req_parse_init(&h1, (4*1024));
 +  Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
    Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

    DEBUGASSERT(stream);
	https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch
	From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
	Date: Thu, 18 May 2023 18:22:57 +0200
	Subject: [PATCH] http2: double http request parser max line length

	This works around #11138, by doubling the limit, and should be a
	relatively safe fix.

	Ideally the buffer would grow as needed and there would be no need for a
	limit? But that might be follow-up material.

	Fixes #11138
	Closes #11139
	---
	lib/http1.h \| 2 ++
	lib/http2.c \| 2 +-
	lib/vquic/curl_msh3.c \| 2 +-
	lib/vquic/curl_ngtcp2.c \| 2 +-
	lib/vquic/curl_quiche.c \| 2 +-
	5 files changed, 6 insertions(+), 4 deletions(-)

	diff --git a/lib/http1.h b/lib/http1.h
	index c2d107587a6f8..8acb9db401a95 100644
	--- a/lib/http1.h
	+++ b/lib/http1.h
	@@ -33,6 +33,8 @@
	#define H1_PARSE_OPT_NONE (0)
	#define H1_PARSE_OPT_STRICT (1 << 0)

	+#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
	+
	struct h1_req_parser {
	struct http_req *req;
	struct bufq scratch;
	diff --git a/lib/http2.c b/lib/http2.c
	index 47e6f71393156..4e3b182b8d815 100644
	--- a/lib/http2.c
	+++ b/lib/http2.c
	@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
	nghttp2_priority_spec pri_spec;
	ssize_t nwritten;

	- Curl_h1_req_parse_init(&h1, (4*1024));
	+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
	Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

	*err = http2_data_setup(cf, data, &stream);
	diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
	index 40e89379fc402..173886739b6dc 100644
	--- a/lib/vquic/curl_msh3.c
	+++ b/lib/vquic/curl_msh3.c
	@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter cf, struct Curl_easy data,

	CF_DATA_SAVE(save, cf, data);

	- Curl_h1_req_parse_init(&h1, (4*1024));
	+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
	Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

	/* Sizes must match for cast below to work" */
	diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
	index 05f960afdffa1..7794f148c6ec9 100644
	--- a/lib/vquic/curl_ngtcp2.c
	+++ b/lib/vquic/curl_ngtcp2.c
	@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
	nghttp3_data_reader reader;
	nghttp3_data_reader *preader = NULL;

	- Curl_h1_req_parse_init(&h1, (4*1024));
	+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
	Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

	*err = h3_data_setup(cf, data);
	diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
	index 392b9beb83c59..c63e8e10a22e0 100644
	--- a/lib/vquic/curl_quiche.c
	+++ b/lib/vquic/curl_quiche.c
	@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
	DEBUGASSERT(stream);
	}

	- Curl_h1_req_parse_init(&h1, (4*1024));
	+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
	Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);

	DEBUGASSERT(stream);