Mercurial Mercurial > prosody > prosody / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
net.http.parser: Add a limit on maximum buffer size, default to 20M
authorKim Alvefur <zash@zash.se>
Thu, 18 Aug 2016 14:48:42 +0200
changeset 7580 3dc52f1778db
parent 7579 d3646443a02e
child 7581 65bf55fdf971
net.http.parser: Add a limit on maximum buffer size, default to 20M
net/http/parser.lua file | annotate | diff | comparison | revisions 
--- a/net/http/parser.lua	Thu Aug 18 14:47:58 2016 +0200
+++ b/net/http/parser.lua	Thu Aug 18 14:48:42 2016 +0200
@@ -30,6 +30,7 @@
 	if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end
 	local buf, buflen, buftable = {}, 0, true;
 	local bodylimit = 10*1024*1024;
+	local buflimit = bodylimit * 2;
 	local chunked, chunk_size, chunk_start;
 	local state = nil;
 	local packet;
@@ -56,6 +57,7 @@
 				buftable = true;
 			end
 			buflen = buflen + #data;
+			if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end
 			while buflen > 0 do
 				if state == nil then -- read request
 					if buftable then buf, buftable = t_concat(buf), false; end
prosody