authorstderr64 <linuxwizard@voidnet.dy.fi>2023-09-17 18:26:03 +0300
committerstderr64 <linuxwizard@voidnet.dy.fi>2023-09-17 18:26:03 +0300
commitd1c49a48eabd5276c756fea9dea430c7625dd989 (patch)
treea034d0c680b122171c5a8e8278481acc595624bc
parente82c650bc481024cf42e916aee7f096f915855a1 (diff)
downloadCWebHook-d1c49a48eabd5276c756fea9dea430c7625dd989.tar.gz
CWebHook-d1c49a48eabd5276c756fea9dea430c7625dd989.tar.zst
Added Makefile defines to limit HTTP header length and request body length to avoid allocating too much memory on large requests
-rw-r--r--Makefile6
-rw-r--r--http_headers.h6
2 files changed, 7 insertions, 5 deletions
diff --git a/Makefile b/Makefile
index cf8b416..d0450d4 100644
--- a/Makefile
+++ b/Makefile
@@ -2,9 +2,11 @@ CC=gcc
MAX_PEEK_BYTES=512000
MAX_RECV_BYTES=512000
MAX_WEBHOOK_OUTPUT_LENGTH=512000
+MAX_HEADER_LENGTH=32767
+MAX_CONTENT_LENGTH=524288
rel:
- $(CC) -DMAX_PEEK_BYTES=${MAX_PEEK_BYTES} -DMAX_RECV_BYTES=${MAX_RECV_BYTES} -DMAX_WEBHOOK_OUTPUT_LENGTH=${MAX_WEBHOOK_OUTPUT_LENGTH} -Wall -pedantic-errors -Werror -lssl -lcrypto -lcjson cwebhook.c -o cwebhook
+ $(CC) -DMAX_PEEK_BYTES=${MAX_PEEK_BYTES} -DMAX_RECV_BYTES=${MAX_RECV_BYTES} -DMAX_HEADER_LENGTH=${MAX_HEADER_LENGTH} -DMAX_CONTENT_LENGTH=${MAX_CONTENT_LENGTH} -DMAX_WEBHOOK_OUTPUT_LENGTH=${MAX_WEBHOOK_OUTPUT_LENGTH} -Wall -pedantic-errors -Werror -lssl -lcrypto -lcjson cwebhook.c -o cwebhook
debug:
- $(CC) -DMAX_PEEK_BYTES=${MAX_PEEK_BYTES} -DMAX_RECV_BYTES=${MAX_RECV_BYTES} -DMAX_WEBHOOK_OUTPUT_LENGTH=${MAX_WEBHOOK_OUTPUT_LENGTH} -Wall -pedantic-errors -Werror -ggdb -lssl -lcrypto -lcjson cwebhook.c -o cwebhook
+ $(CC) -DMAX_PEEK_BYTES=${MAX_PEEK_BYTES} -DMAX_RECV_BYTES=${MAX_RECV_BYTES} -DMAX_HEADER_LENGTH=${MAX_HEADER_LENGTH} -DMAX_CONTENT_LENGTH=${MAX_CONTENT_LENGTH} -DMAX_WEBHOOK_OUTPUT_LENGTH=${MAX_WEBHOOK_OUTPUT_LENGTH} -Wall -pedantic-errors -Werror -ggdb -lssl -lcrypto -lcjson cwebhook.c -o cwebhook
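Review bot: `MAX_CONTENT_LENGTH=524288` is larger than `MAX_RECV_BYTES=512000`, so if the receive path already caps a request at MAX_RECV_BYTES (that code is not visible here), the new body limit can never be the one that triggers. Consider setting it at or below the receive cap and recording the relationship next to the values, for example `# MAX_CONTENT_LENGTH must be <= MAX_RECV_BYTES; it is checked after the request is buffered`. Both limits reach the code only through the `-D` flags in the `rel` and `debug` recipes, so a build that bypasses this Makefile has no values unless the header supplies `#ifndef` defaults, which this diff does not show.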
diff --git a/http_headers.h b/http_headers.h
index f3aa397..d8171e8 100644
--- a/http_headers.h
+++ b/http_headers.h
@@ -12,7 +12,7 @@ int get_request_data( http_request_data_t *hdt, char *req_contents ){
if ( (size_t)strlen(hdt->request_copy) != hdt->request_size )
return REQ_READ_ERROR;
hdt->tok_current = strtok_r( hdt->request_copy, "\r\n", &hdt->tok_prev );
- if ( hdt->tok_current == NULL )
+ if ( hdt->tok_current == NULL || (uint64_t)strlen(hdt->tok_current) >= MAX_HEADER_LENGTH )
return REQ_READ_ERROR;
if ( strstr(hdt->tok_current, "GET /") == NULL && strstr(hdt->tok_current, "POST /") == NULL )
return REQ_READ_ERROR;
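Review bot: The new `MAX_HEADER_LENGTH` test on `strlen(hdt->tok_current)` bounds only the first token returned by `strtok_r`, which is the request line; header lines read by later `strtok_r` calls fall outside this hunk and are not visibly limited. If the intent is to cap the whole header block, measure it once, for example the distance from `hdt->request_copy` to the `"\r\n\r\n"` separator, and return `REQ_READ_ERROR` when it reaches the limit. The check also runs on `hdt->request_copy` after it has been filled, so it appears to limit parsing work rather than the allocation the commit message mentions. The `(uint64_t)` cast is unnecessary because `strlen` already returns `size_t`; `strlen(hdt->tok_current) >= (size_t)MAX_HEADER_LENGTH` states the comparison without depending on the macro's signedness. The enclosing function starts and ends outside the hunk.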
@@ -39,12 +39,12 @@ int get_request_data( http_request_data_t *hdt, char *req_contents ){
if ( (size_t)strlen(hdt->request_copy) != hdt->request_size )
return REQ_READ_ERROR;
char *request_body_begin = strstr( hdt->request_copy, "\r\n\r\n" );
- if ( request_body_begin == NULL ){
+ if ( request_body_begin == NULL || (uint64_t)strlen(request_body_begin) >= MAX_CONTENT_LENGTH ){
hdt->request_body = NULL;
return REQ_READ_SUCCESS;
}
hdt->tok_current = strtok_r( request_body_begin, "\r\n\r\n", &hdt->tok_prev );
- if ( hdt->tok_current == NULL ){
+ if ( hdt->tok_current == NULL || (uint64_t)strlen(hdt->tok_current) >= MAX_CONTENT_LENGTH ){
hdt->request_body = NULL;
return REQ_READ_SUCCESS;
}
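Review bot: An oversized body now takes the same path as a missing one: both conditions set `hdt->request_body = NULL` and return `REQ_READ_SUCCESS`, so a request whose body exceeds `MAX_CONTENT_LENGTH` reaches the caller as a valid body-less request instead of being refused. For a webhook receiver that is a risk if anything downstream, such as payload or signature validation, treats a NULL body as "nothing to check"; that code is not visible here. Keep the NULL case as it is and add a separate `if ( strlen(request_body_begin) >= MAX_CONTENT_LENGTH ) return REQ_READ_ERROR;` so the caller can reject the request. The first check also counts the four separator bytes, and the second check on `hdt->tok_current` cannot trigger once the first has passed, because the token is a substring of `request_body_begin`. The function body continues outside the hunk.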