diff options
author | Kim Alvefur <zash@zash.se> | 2016-08-18 14:48:42 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2016-08-18 14:48:42 +0200 |
commit | 1fa724111054d024e48c6d65cd8dce92a3d8fdd5 (patch) | |
tree | fecec9c368c2335c47815498e06a9ac27ce019e6 | |
parent | 72573b8d101668e946bc7aedd6cfdf90acf18663 (diff) | |
download | prosody-1fa724111054d024e48c6d65cd8dce92a3d8fdd5.tar.gz prosody-1fa724111054d024e48c6d65cd8dce92a3d8fdd5.zip |
net.http.parser: Add a limit on maximum buffer size, default to 20M
-rw-r--r-- | net/http/parser.lua | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/http/parser.lua b/net/http/parser.lua index 0f764d12..e3a2554f 100644 --- a/net/http/parser.lua +++ b/net/http/parser.lua @@ -30,6 +30,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb) if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end local buf, buflen, buftable = {}, 0, true; local bodylimit = 10*1024*1024; + local buflimit = bodylimit * 2; local chunked, chunk_size, chunk_start; local state = nil; local packet; @@ -56,6 +57,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb) buftable = true; end buflen = buflen + #data; + if buflen > buflimit then error = true; return error_cb("max-buffer-size-exceeded"); end while buflen > 0 do if state == nil then -- read request if buftable then buf, buftable = t_concat(buf), false; end |