http request/response security (suggestions by @0pepsi)

parse CSec header, to reject invalid values
impose limits on HTTP header sizes (guard against DoS attacks)
set MAX_RESPONSE_SIZE in http_response
F. Duncanh
2026-01-16 23:35:44 -05:00
parent 78472470af
commit 0133170ff7
6 changed files with 93 additions and 10 deletions


@@ -273,6 +273,30 @@ http_request_get_header(http_request_t *request, const char *name)
return NULL;
}
size_t
http_request_header_get_size(http_request_t *request, int *num_fields, size_t *max_field_len, size_t *max_value_len) {
size_t total = 0;
if (max_field_len) {
*max_field_len = 0;
}
if (max_value_len) {
*max_value_len = 0;
}
if (num_fields) {
*num_fields = request->headers_size / 2;
}
for (int i = 0; i < request->headers_size; i +=2) {
size_t len = strlen(request->headers[i]);
total += len;
if (i % 2 == 0 && max_field_len && len > *max_field_len) {
*max_field_len = len;
} else if (max_value_len && len > *max_value_len) {
*max_value_len = len;
}
}
return total;
}
const char *
http_request_get_data(http_request_t *request, int *datalen)
{
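Review bot: The loop in http_request_header_get_size steps with `i +=2`, so `i % 2 == 0` is always true and only even slots are ever measured. Assuming headers[] alternates name and value (which `headers_size / 2` suggests), `*max_value_len` is never raised for a value and `total` leaves out every value, so a size limit built on this result would not see the part of a header the client controls most freely. Changing the step to `i++` alone is not enough, because the `else if` also runs for an even index whenever the first condition is false (a NULL `max_field_len`, or a name no longer than the current maximum), which would record a name length as a value length. The parity test should be separated from the maximum update, as below. A one-line comment stating the layout of headers[] and that the returned total excludes separators and line endings would also help callers choose limits.
```c
// … unchanged: output initialisation and num_fields …
    for (int i = 0; i < request->headers_size; i++) {
        size_t len = strlen(request->headers[i]);
        total += len;
        if (i % 2 == 0) {
            /* even slot: field name */
            if (max_field_len && len > *max_field_len) {
                *max_field_len = len;
            }
        } else if (max_value_len && len > *max_value_len) {
            /* odd slot: field value */
            *max_value_len = len;
        }
    }
    return total;
```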