| https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch |
| From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io> |
| Date: Thu, 18 May 2023 18:22:57 +0200 |
| Subject: [PATCH] http2: double http request parser max line length |
| |
| This works around #11138, by doubling the limit, and should be a |
| relatively safe fix. |
| |
| Ideally the buffer would grow as needed and there would be no need for a |
| limit? But that might be follow-up material. |
| |
| Fixes #11138 |
| Closes #11139 |
| --- |
| lib/http1.h | 2 ++ |
| lib/http2.c | 2 +- |
| lib/vquic/curl_msh3.c | 2 +- |
| lib/vquic/curl_ngtcp2.c | 2 +- |
| lib/vquic/curl_quiche.c | 2 +- |
| 5 files changed, 6 insertions(+), 4 deletions(-) |
| |
| diff --git a/lib/http1.h b/lib/http1.h |
| index c2d107587a6f8..8acb9db401a95 100644 |
| --- a/lib/http1.h |
| +++ b/lib/http1.h |
| @@ -33,6 +33,8 @@ |
| #define H1_PARSE_OPT_NONE (0) |
| #define H1_PARSE_OPT_STRICT (1 << 0) |
| |
| +#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024) |
| + |
| struct h1_req_parser { |
| struct http_req *req; |
| struct bufq scratch; |
| diff --git a/lib/http2.c b/lib/http2.c |
| index 47e6f71393156..4e3b182b8d815 100644 |
| --- a/lib/http2.c |
| +++ b/lib/http2.c |
| @@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream, |
| nghttp2_priority_spec pri_spec; |
| ssize_t nwritten; |
| |
| - Curl_h1_req_parse_init(&h1, (4*1024)); |
| + Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); |
| Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); |
| |
| *err = http2_data_setup(cf, data, &stream); |
| diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c |
| index 40e89379fc402..173886739b6dc 100644 |
| --- a/lib/vquic/curl_msh3.c |
| +++ b/lib/vquic/curl_msh3.c |
| @@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data, |
| |
| CF_DATA_SAVE(save, cf, data); |
| |
| - Curl_h1_req_parse_init(&h1, (4*1024)); |
| + Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); |
| Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); |
| |
| /* Sizes must match for cast below to work" */ |
| diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c |
| index 05f960afdffa1..7794f148c6ec9 100644 |
| --- a/lib/vquic/curl_ngtcp2.c |
| +++ b/lib/vquic/curl_ngtcp2.c |
| @@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf, |
| nghttp3_data_reader reader; |
| nghttp3_data_reader *preader = NULL; |
| |
| - Curl_h1_req_parse_init(&h1, (4*1024)); |
| + Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); |
| Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); |
| |
| *err = h3_data_setup(cf, data); |
| diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c |
| index 392b9beb83c59..c63e8e10a22e0 100644 |
| --- a/lib/vquic/curl_quiche.c |
| +++ b/lib/vquic/curl_quiche.c |
| @@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf, |
| DEBUGASSERT(stream); |
| } |
| |
| - Curl_h1_req_parse_init(&h1, (4*1024)); |
| + Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN); |
| Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST); |
| |
| DEBUGASSERT(stream); |