mirror of
https://github.com/isc-projects/bind9.git
synced 2026-07-12 06:15:32 -04:00
Limit allowed URL/URI size to 8192 bytes in the parser
RFC 9110 Section 4.1 recommends at least 8000 octets, and 65535 is too excessive. Limit the maximum length to 8192 octets.
This commit is contained in:
parent
874f34545f
commit
efa8ca2267
3 changed files with 11 additions and 9 deletions
|
|
@ -49,6 +49,8 @@
|
|||
#define HTTP_PARSER_STRICT 1
|
||||
#endif
|
||||
|
||||
#define URL_MAX_LENGTH 8192
|
||||
|
||||
typedef enum {
|
||||
ISC_UF_SCHEMA = 0,
|
||||
ISC_UF_HOST = 1,
|
||||
|
|
|
|||
|
|
@ -549,7 +549,7 @@ isc_url_parse(const char *buf, size_t buflen, bool is_connect,
|
|||
int found_at = 0;
|
||||
const char *p = NULL;
|
||||
|
||||
if (buflen == 0 || buflen > UINT16_MAX) {
|
||||
if (buflen == 0 || buflen > URL_MAX_LENGTH) {
|
||||
return ISC_R_RANGE;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -118,11 +118,11 @@ ISC_RUN_TEST_IMPL(parse) {
|
|||
assert_int_equal(9, up.field_data[ISC_UF_USERINFO].len);
|
||||
|
||||
/*
|
||||
* Test the maximum accepted buffer length (UINT16_MAX). A path of
|
||||
* exactly UINT16_MAX bytes also drives ISC_UF_PATH.len to its
|
||||
* uint16_t maximum without overflowing.
|
||||
* Test the maximum accepted buffer length (URL_MAX_LENGTH). A path of
|
||||
* exactly URL_MAX_LENGTH bytes also drives ISC_UF_PATH.len to its
|
||||
* maximum without overflowing.
|
||||
*/
|
||||
size_t max_len = UINT16_MAX;
|
||||
size_t max_len = URL_MAX_LENGTH;
|
||||
char *max_buf = isc_mem_get(isc_g_mctx, max_len);
|
||||
memset(max_buf, 'a', max_len);
|
||||
max_buf[0] = '/';
|
||||
|
|
@ -130,14 +130,14 @@ ISC_RUN_TEST_IMPL(parse) {
|
|||
isc_mem_put(isc_g_mctx, max_buf, max_len);
|
||||
assert_int_equal(ISC_R_SUCCESS, result);
|
||||
assert_int_equal(0, up.field_data[ISC_UF_PATH].off);
|
||||
assert_int_equal(UINT16_MAX, up.field_data[ISC_UF_PATH].len);
|
||||
assert_int_equal(URL_MAX_LENGTH, up.field_data[ISC_UF_PATH].len);
|
||||
|
||||
/* Test a too big buffer (UINT16_MAX + 1). */
|
||||
size_t buf_len = UINT16_MAX + 2;
|
||||
/* Test a too big buffer (URL_MAX_LENGTH + 1). */
|
||||
size_t buf_len = URL_MAX_LENGTH + 2;
|
||||
char *buf = isc_mem_get(isc_g_mctx, buf_len);
|
||||
memset(buf, 'a', buf_len);
|
||||
buf[0] = '/';
|
||||
result = isc_url_parse(buf, UINT16_MAX + 1, false, &up);
|
||||
result = isc_url_parse(buf, URL_MAX_LENGTH + 1, false, &up);
|
||||
isc_mem_put(isc_g_mctx, buf, buf_len);
|
||||
assert_int_equal(ISC_R_RANGE, result);
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue