author | Kim Alvefur <zash@zash.se> | 2016-08-18 14:47:58 +0200 |
---|---|---|
committer | Kim Alvefur <zash@zash.se> | 2016-08-18 14:47:58 +0200 |
commit | 12ae7ac17e07564c7fc2b3dee103724a26af4b71 (patch) | |
tree | 7253adc449646597e04b84c4b55fea480cd3ce6e /net/http | |
parent | 4ba2cd3ab0bdc660bff023acded8db1dfb467176 (diff) | |
net.http.parser: Add a limit on content length, default to 10M
Diffstat (limited to 'net/http')
-rw-r--r-- | net/http/parser.lua | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/http/parser.lua b/net/http/parser.lua
index af43e7a0..0f764d12 100644
--- a/net/http/parser.lua
+++ b/net/http/parser.lua
@@ -29,6 +29,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
 local client = true;
 if not parser_type or parser_type == "server" then client = false; else assert(parser_type == "client", "Invalid parser type"); end
 local buf, buflen, buftable = {}, 0, true;
+ local bodylimit = 10*1024*1024;
 local chunked, chunk_size, chunk_start;
 local state = nil;
 local packet;
@@ -88,6 +89,7 @@ function httpstream.new(success_cb, error_cb, parser_type, options_cb)
 if not first_line then error = true; return error_cb("invalid-status-line"); end
 chunked = have_body and headers["transfer-encoding"] == "chunked";
 len = tonumber(headers["content-length"]); -- TODO check for invalid len
+ if len and len > bodylimit then error = true; return error_cb("content-length-limit-exceeded"); end
 if client then
 -- FIXME handle '100 Continue' response (by skipping it)
 if not have_body then len = 0; end
|
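Review bot: `bodylimit` in the first hunk is fixed at `10*1024*1024` inside `httpstream.new`, so although the commit title calls it a default, nothing visible here lets a caller change it. If `options_cb` is meant to supply per-stream settings (its use is outside the hunk), reading the limit from there would let an operator tighten it on endpoints that accept unauthenticated requests. The declaration also deserves a comment giving the unit and scope, for example `-- upper bound, in bytes, on the declared Content-Length of one message`. The body of `httpstream.new` continues outside the hunk.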
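Review bot: The added check in the second hunk only fires when a Content-Length header parses to a number, so a message sent with `Transfer-Encoding: chunked` (detected two lines above) has no `len` and is not bounded here. Unless the chunk-handling code outside this hunk enforces its own cap, the memory-exhaustion case this limit targets stays open for chunked bodies. The comparison also lets a negative value through, since `tonumber` accepts `-1` and the TODO on the previous line is still open; `if len and (len < 0 or len > bodylimit) then` would reject that case. Because the check sits before `if client then`, it also applies to responses parsed in client mode, which may be intended but is worth stating in a comment.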