diff options
author | Alexandr Nedvedicky <sashan@openssl.org> | 2024-03-08 11:21:18 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-03-12 19:35:41 +0100 |
commit | 7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d (patch) | |
tree | 5647518eee7a0d5b854f42d78bfab5ab3535219c /doc | |
parent | bc930bed20d7462afecbb9d947286a335975c04a (diff) |
Limit the number of http headers when receiving the http response
Change introduces a default limit on HTTP headers we expect to receive
from server to 256. If limit is exceeded http client library indicates
HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. Application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change default.
Setting limit to 0 implies no limit (current behavior).
Fixes #22264
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man3/OSSL_HTTP_REQ_CTX.pod | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod index f74fcb35ce..e80673ea49 100644 --- a/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -15,7 +15,8 @@ OSSL_HTTP_REQ_CTX_exchange, OSSL_HTTP_REQ_CTX_get0_mem_bio, OSSL_HTTP_REQ_CTX_get_resp_len, OSSL_HTTP_REQ_CTX_set_max_response_length, -OSSL_HTTP_is_alive +OSSL_HTTP_is_alive, +OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines - HTTP client low-level functions =head1 SYNOPSIS @@ -50,6 +51,9 @@ OSSL_HTTP_is_alive int OSSL_HTTP_is_alive(const OSSL_HTTP_REQ_CTX *rctx); + void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx, + size_t count); + =head1 DESCRIPTION B<OSSL_HTTP_REQ_CTX> is a context structure for an HTTP request and response, @@ -191,6 +195,11 @@ In case the client application keeps I<rctx> but the connection then dies for any reason at the server side, it will notice this obtaining an I/O error when trying to send the next request via I<rctx>. +The OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() function changes the limit +for the number of HTTP headers which can be received in a response. The default +value is 256. If the number of HTTP headers in a response exceeds the limit, +then the HTTP_R_RESPONSE_TOO_MANY_HDRLINES error is indicated. + =head1 WARNINGS The server's response may be unexpected if the hostname that was used to |