1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch
From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
Date: Thu, 18 May 2023 18:22:57 +0200
Subject: [PATCH] http2: double http request parser max line length
This works around #11138, by doubling the limit, and should be a
relatively safe fix.
Ideally the buffer would grow as needed and there would be no need for a
limit? But that might be follow-up material.
Fixes #11138
Closes #11139
---
lib/http1.h | 2 ++
lib/http2.c | 2 +-
lib/vquic/curl_msh3.c | 2 +-
lib/vquic/curl_ngtcp2.c | 2 +-
lib/vquic/curl_quiche.c | 2 +-
5 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/lib/http1.h b/lib/http1.h
index c2d107587a6f8..8acb9db401a95 100644
--- a/lib/http1.h
+++ b/lib/http1.h
@@ -33,6 +33,8 @@
#define H1_PARSE_OPT_NONE (0)
#define H1_PARSE_OPT_STRICT (1 << 0)
+#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
+
struct h1_req_parser {
struct http_req *req;
struct bufq scratch;
diff --git a/lib/http2.c b/lib/http2.c
index 47e6f71393156..4e3b182b8d815 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
nghttp2_priority_spec pri_spec;
ssize_t nwritten;
- Curl_h1_req_parse_init(&h1, (4*1024));
+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
*err = http2_data_setup(cf, data, &stream);
diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
index 40e89379fc402..173886739b6dc 100644
--- a/lib/vquic/curl_msh3.c
+++ b/lib/vquic/curl_msh3.c
@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,
CF_DATA_SAVE(save, cf, data);
- Curl_h1_req_parse_init(&h1, (4*1024));
+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
/* Sizes must match for cast below to work" */
diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index 05f960afdffa1..7794f148c6ec9 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
nghttp3_data_reader reader;
nghttp3_data_reader *preader = NULL;
- Curl_h1_req_parse_init(&h1, (4*1024));
+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
*err = h3_data_setup(cf, data);
diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
index 392b9beb83c59..c63e8e10a22e0 100644
--- a/lib/vquic/curl_quiche.c
+++ b/lib/vquic/curl_quiche.c
@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
DEBUGASSERT(stream);
}
- Curl_h1_req_parse_init(&h1, (4*1024));
+ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
DEBUGASSERT(stream);
|
