1
0
mirror of https://github.com/v2fly/v2ray-core.git synced 2024-12-31 14:36:50 -05:00

return error when header too long

This commit is contained in:
Darien Raymond 2016-12-19 12:16:57 +01:00
parent a6402a586e
commit 0f0f01ddf6
No known key found for this signature in database
GPG Key ID: 7251FFA14BB18169

View File

@ -2,6 +2,7 @@ package http
import ( import (
"bytes" "bytes"
"errors"
"io" "io"
"net" "net"
"net/http" "net/http"
@ -17,10 +18,12 @@ const (
CRLF = "\r\n" CRLF = "\r\n"
ENDING = CRLF + CRLF ENDING = CRLF + CRLF
// max length of HTTP header. Safety precaution for DDoS attack.
maxHeaderLength = 8192 maxHeaderLength = 8192
) )
var ( var (
ErrHeaderToLong = errors.New("Header too long.")
writeCRLF = serial.WriteString(CRLF) writeCRLF = serial.WriteString(CRLF)
) )
@ -50,6 +53,7 @@ type HeaderReader struct {
func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) { func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
buffer := buf.NewSmall() buffer := buf.NewSmall()
totalBytes := 0 totalBytes := 0
endingDetected := false
for totalBytes < maxHeaderLength { for totalBytes < maxHeaderLength {
err := buffer.AppendSupplier(buf.ReadFrom(reader)) err := buffer.AppendSupplier(buf.ReadFrom(reader))
if err != nil { if err != nil {
@ -57,6 +61,7 @@ func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
} }
if n := bytes.Index(buffer.Bytes(), []byte(ENDING)); n != -1 { if n := bytes.Index(buffer.Bytes(), []byte(ENDING)); n != -1 {
buffer.SliceFrom(n + len(ENDING)) buffer.SliceFrom(n + len(ENDING))
endingDetected = true
break break
} }
if buffer.Len() >= len(ENDING) { if buffer.Len() >= len(ENDING) {
@ -71,6 +76,10 @@ func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
buffer.Release() buffer.Release()
return nil, nil return nil, nil
} }
if !endingDetected {
buffer.Release()
return nil, ErrHeaderToLong
}
return buffer, nil return buffer, nil
} }