aboutsummaryrefslogtreecommitdiff
path: root/src/zenhttp/servers/httpparser.cpp
diff options
context:
space:
mode:
authorDan Engelbrecht <[email protected]>2024-03-12 09:53:20 +0100
committerGitHub <[email protected]>2024-03-12 09:53:20 +0100
commite130e105d1de7c658b59ce5dd9a226129c318a2c (patch)
tree38eb33710a9ec970b52aee95e3e041990d915885 /src/zenhttp/servers/httpparser.cpp
parentfix zenserver state macos (#669) (diff)
downloadzen-e130e105d1de7c658b59ce5dd9a226129c318a2c.tar.xz
zen-e130e105d1de7c658b59ce5dd9a226129c318a2c.zip
http request parser safety (#664)
* make sure we don't add more headers than we support * don't capture for loop variables by reference for async work
Diffstat (limited to 'src/zenhttp/servers/httpparser.cpp')
-rw-r--r--src/zenhttp/servers/httpparser.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/zenhttp/servers/httpparser.cpp b/src/zenhttp/servers/httpparser.cpp
index c64134c95..0a1c5686a 100644
--- a/src/zenhttp/servers/httpparser.cpp
+++ b/src/zenhttp/servers/httpparser.cpp
@@ -124,6 +124,13 @@ void
HttpRequestParser::AppendCurrentHeader()
{
std::string_view HeaderName(m_CurrentHeaderName, m_CurrentHeaderNameLength);
+ if (m_Headers.size() == std::numeric_limits<int8_t>::max())
+ {
+ ZEN_WARN("HttpRequestParser parser only supports up to {} headers, can't store header '{}'. Dropping it.",
+ std::numeric_limits<int8_t>::max(),
+ HeaderName);
+ return;
+ }
std::string_view HeaderValue(m_CurrentHeaderValue, m_CurrentHeaderValueLength);
const uint32_t HeaderHash = HashStringAsLowerDjb2(HeaderName);
@@ -335,7 +342,6 @@ HttpRequestParser::ResetState()
m_CurrentHeaderNameLength = 0;
m_CurrentHeaderValue = nullptr;
m_CurrentHeaderValueLength = 0;
- m_CurrentHeaderName = nullptr;
m_Url = nullptr;
m_UrlLength = 0;
m_QueryString = nullptr;
generated by cgit v1.2.3 (git 2.25.1) at 2026-03-11 07:49:37 +0000