|
@@ -67,6 +67,7 @@ struct ossl_http_req_ctx_st {
|
|
|
time_t max_time; /* Maximum end time of current transfer, or 0 */
|
|
|
time_t max_total_time; /* Maximum end time of total transfer, or 0 */
|
|
|
char *redirection_url; /* Location obtained from HTTP status 301/302 */
|
|
|
+ size_t max_hdr_lines; /* Max. number of http hdr lines, or 0 */
|
|
|
};
|
|
|
|
|
|
/* HTTP states */
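Review bot: The comment on the new field `max_hdr_lines` ends in "or 0" without saying what 0 means. The check added in OSSL_HTTP_REQ_CTX_nbio skips the limit when the value is 0, so the comment should read `/* Max. number of response header lines, or 0 for no limit */`. The same gap applies to the new setter OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines in the -355 hunk, which has no comment at all. A caller passing 0 there turns the protection off, which deserves a line such as `/* count == 0 disables the limit */` above the function.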
|
|
@@ -106,6 +107,7 @@ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size)
|
|
|
rctx->buf = OPENSSL_malloc(rctx->buf_size);
|
|
|
rctx->wbio = wbio;
|
|
|
rctx->rbio = rbio;
|
|
|
+ rctx->max_hdr_lines = OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES;
|
|
|
if (rctx->buf == NULL) {
|
|
|
OPENSSL_free(rctx);
|
|
|
return NULL;
|
|
@@ -355,6 +357,16 @@ int OSSL_HTTP_REQ_CTX_set1_req(OSSL_HTTP_REQ_CTX *rctx, const char *content_type
|
|
|
return res;
|
|
|
}
|
|
|
|
|
|
+void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx,
|
|
|
+ size_t count)
|
|
|
+{
|
|
|
+ if (rctx == NULL) {
|
|
|
+ ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
+ return;
|
|
|
+ }
|
|
|
+ rctx->max_hdr_lines = count;
|
|
|
+}
|
|
|
+
|
|
|
static int add1_headers(OSSL_HTTP_REQ_CTX *rctx,
|
|
|
const STACK_OF(CONF_VALUE) *headers, const char *host)
|
|
|
{
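Review bot: The new setter returns void, so a caller that passes NULL learns of the failure only through the error queue, whereas OSSL_HTTP_REQ_CTX_set1_req, named in the hunk header, returns int. Because this call configures a resource limit, returning `int` (0 on the NULL path, 1 after `rctx->max_hdr_lines = count;`) would let callers confirm the limit took effect, if the public signature is still open to change. add1_headers continues outside the hunk.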
|
|
@@ -537,6 +549,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
|
|
size_t resp_len;
|
|
|
const unsigned char *p;
|
|
|
char *buf, *key, *value, *line_end = NULL;
|
|
|
+ size_t resp_hdr_lines = 0;
|
|
|
|
|
|
if (rctx == NULL) {
|
|
|
ERR_raise(ERR_LIB_HTTP, ERR_R_PASSED_NULL_PARAMETER);
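Review bot: `resp_hdr_lines` is a local that starts at 0 on every call, so the count used by the check in the -682 hunk does not survive a return from OSSL_HTTP_REQ_CTX_nbio. If the function can return for a BIO retry while still reading headers (those paths are outside the visible hunks), the count restarts on each re-entry and the limit no longer bounds the whole response. Keeping the counter in the context would make it hold across calls: add `size_t resp_hdr_lines;` next to `max_hdr_lines` in `struct ossl_http_req_ctx_st` and use `rctx->resp_hdr_lines++` at the check. The reset in the -786 hunk would then become `rctx->resp_hdr_lines = 0;`. The function body starts and ends outside this hunk.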
|
|
@@ -682,6 +695,14 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
+ resp_hdr_lines++;
|
|
|
+ if (rctx->max_hdr_lines != 0 && rctx->max_hdr_lines < resp_hdr_lines) {
|
|
|
+ ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_TOO_MANY_HDRLINES);
|
|
|
+ OSSL_TRACE(HTTP, "Received too many headers\n");
|
|
|
+ rctx->state = OHS_ERROR;
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+
|
|
|
/* Don't allow excessive lines */
|
|
|
if (n == rctx->buf_size) {
|
|
|
ERR_raise(ERR_LIB_HTTP, HTTP_R_RESPONSE_LINE_TOO_LONG);
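Review bot: The new count check has no comment, unlike the `/* Don't allow excessive lines */` check that follows it, and the hunk does not show whether the status line is counted along with the header lines. I would add `/* Don't allow an excessive number of header lines (0 = no limit) */` above `resp_hdr_lines++;`. If the increment is also reached while reading the status line, the comment should say so, because a limit of N then admits only N-1 headers. The comparison would read more directly as `resp_hdr_lines > rctx->max_hdr_lines`. The body of OSSL_HTTP_REQ_CTX_nbio starts and ends outside the hunk.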
|
|
@@ -786,6 +807,8 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
|
|
|
if (OSSL_TRACE_ENABLED(HTTP))
|
|
|
OSSL_TRACE(HTTP, "]\n");
|
|
|
|
|
|
+ resp_hdr_lines = 0;
|
|
|
+
|
|
|
if (rctx->keep_alive != 0 /* do not let server initiate keep_alive */
|
|
|
&& !found_keep_alive /* otherwise there is no change */) {
|
|
|
if (rctx->keep_alive == 2) {
|