umgeher/cowboy
0
Fork 0
mirror of https://github.com/ninenines/cowboy.git synced 2025-07-15 04:30:25 +00:00
Code Issues Wiki Activity

Return status 431 if the request header field is too large

Browse source 
This commit changes Cowboy to follow RFC6585.
This commit is contained in:
José Valim 2016-12-16 13:13:15 +01:00 committed by Loïc Hoguin
parent 1048bff929
commit f59c29dff0
No known key found for this signature in database
GPG key ID: 71366FF21851DF03
2 changed files with 16 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/cowboy_http.erl
View file

@ -454,7 +454,7 @@ parse_header(Buffer, State=#state{opts=Opts, in_state=PS}, Headers) ->
NumHeaders = maps:size(Headers), NumHeaders = maps:size(Headers),
case match_colon(Buffer, 0) of case match_colon(Buffer, 0) of
nomatch when byte_size(Buffer) > MaxLength -> nomatch when byte_size(Buffer) > MaxLength ->
error_terminate(400, State, {connection_error, limit_reached, error_terminate(431, State, {connection_error, limit_reached,
''}); %% @todo ''}); %% @todo
nomatch when NumHeaders >= MaxHeaders -> nomatch when NumHeaders >= MaxHeaders ->
error_terminate(400, State, {connection_error, limit_reached, error_terminate(400, State, {connection_error, limit_reached,
@ -497,7 +497,7 @@ parse_hd_before_value(Buffer, State=#state{opts=Opts, in_state=PS}, H, N) ->
MaxLength = maps:get(max_header_value_length, Opts, 4096), MaxLength = maps:get(max_header_value_length, Opts, 4096),
case match_eol(Buffer, 0) of case match_eol(Buffer, 0) of
nomatch when byte_size(Buffer) > MaxLength -> nomatch when byte_size(Buffer) > MaxLength ->
error_terminate(400, State, {connection_error, limit_reached, error_terminate(431, State, {connection_error, limit_reached,
''}); %% @todo ''}); %% @todo
nomatch -> nomatch ->
{more, State#state{in_state=PS#ps_header{headers=H, name=N}}, Buffer}; {more, State#state{in_state=PS#ps_header{headers=H, name=N}}, Buffer};

14
test/http_SUITE.erl
View file

@ -307,6 +307,20 @@ echo_body(Config) ->
end || Size <- lists:seq(MTU - 500, MTU)], end || Size <- lists:seq(MTU - 500, MTU)],
ok. ok.
%% Check if sending request whose header name is bigger than 64 bytes causes 431
echo_body_max_header_name_length(Config) ->
ConnPid = gun_open(Config),
Ref = gun:post(ConnPid, "/echo/body", [{binary:copy(<<$a>>, 32768), <<"bad">>}], << "echo=name" >>),
{response, fin, 431, _} = gun:await(ConnPid, Ref),
ok.
%% Check if sending request whose header name is bigger than 64 bytes causes 431
echo_body_max_header_value_length(Config) ->
ConnPid = gun_open(Config),
Ref = gun:post(ConnPid, "/echo/body", [{<<"bad">>, binary:copy(<<$a>>, 32768)}], << "echo=name" >>),
{response, fin, 431, _} = gun:await(ConnPid, Ref),
ok.
%% Check if sending request whose size is bigger than 1000000 bytes causes 413 %% Check if sending request whose size is bigger than 1000000 bytes causes 413
echo_body_max_length(Config) -> echo_body_max_length(Config) ->
ConnPid = gun_open(Config), ConnPid = gun_open(Config),