aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKim Alvefur <zash@zash.se>2016-08-18 14:48:42 +0200
committerKim Alvefur <zash@zash.se>2016-08-18 14:48:42 +0200
commit5f1b3ca75ec7fcd1018a0e656cb66d03e6a3a5bb (patch)
treefecec9c368c2335c47815498e06a9ac27ce019e6
parent6721500d4adb719d56532ae07efee8ee3d1b35f4 (diff)
downloadprosody-5f1b3ca75ec7fcd1018a0e656cb66d03e6a3a5bb.tar.gz
prosody-5f1b3ca75ec7fcd1018a0e656cb66d03e6a3a5bb.zip
net.http.parser: Add a limit on maximum buffer size, default to 20M
-rw-r--r--net/http/parser.lua2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/http/parser.lua b/net/http/parser.lua
index 0f764d12..e3a2554f 100644
--- a/net/http/parser.lua
+++ b/net/http/parser.lua
@@ -30,6 +30,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end
local buf, buflen, buftable = {}, 0, true;
local bodylimit = 10*1024*1024;
+ local buflimit = bodylimit * 2;
local chunked, chunk_size, chunk_start;
local state = nil;
local packet;
@@ -56,6 +57,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
buftable = true;
end
buflen = buflen + #data;
+ if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end
while buflen > 0 do
if state == nil then -- read request
if buftable then buf, buftable = t_concat(buf), false; end