Be strict with error 431 header sizes

uNetworking · Mar 10, 2024 · 10f73df · 10f73df
1 parent 45091fa
commit 10f73df
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/src/HttpParser.h b/src/HttpParser.h
@@ -461,6 +461,11 @@ struct HttpParser {
             length -= consumed;
             consumedTotal += consumed;
 
+            /* Even if we could parse it, check for length here as well */
+            if (consumed > MAX_FALLBACK_SIZE) {
+                return {HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE, FULLPTR};
+            }
+
             /* Store HTTP version (ancient 1.0 or 1.1) */
             req->ancientHttp = false;