author | Alexandr Nedvedicky <sashan@openssl.org> | 2024-03-08 11:21:18 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-03-12 19:35:41 +0100 |
commit | 7f8aba2f44e9ca65b8a95987fa6c46020e1bdd6d (patch) | |
tree | 5647518eee7a0d5b854f42d78bfab5ab3535219c /include | |
parent | bc930bed20d7462afecbb9d947286a335975c04a (diff) |
Limit the number of http headers when receiving the http response
This change introduces a default limit of 256 on the HTTP headers we expect
to receive from the server. If the limit is exceeded, the HTTP client library
raises the HTTP_R_RESPONSE_TOO_MANY_HDRLINES error. An application can use
OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines() to change the default.
Setting the limit to 0 implies no limit (the current behavior).
Fixes #22264
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23781)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/httperr.h | 5 | ||||
-rw-r--r-- | include/openssl/http.h | 4 | ||||
-rw-r--r-- | include/openssl/httperr.h | 3 |
3 files changed, 10 insertions, 2 deletions
diff --git a/include/crypto/httperr.h b/include/crypto/httperr.h index 969df17b83..827d61a235 100644 --- a/include/crypto/httperr.h +++ b/include/crypto/httperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -19,7 +19,10 @@ extern "C" { # endif +# ifndef OPENSSL_NO_HTTP + int ossl_err_load_HTTP_strings(void); +# endif # ifdef __cplusplus } diff --git a/include/openssl/http.h b/include/openssl/http.h index a3cbf15f5a..4f58652cc1 100644 --- a/include/openssl/http.h +++ b/include/openssl/http.h @@ -37,6 +37,8 @@ extern "C" { #define OSSL_HTTP_DEFAULT_MAX_LINE_LEN (4 * 1024) #define OSSL_HTTP_DEFAULT_MAX_RESP_LEN (100 * 1024) +#define OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES 256 + /* Low-level HTTP API */ OSSL_HTTP_REQ_CTX *OSSL_HTTP_REQ_CTX_new(BIO *wbio, BIO *rbio, int buf_size); @@ -105,6 +107,8 @@ int OSSL_HTTP_parse_url(const char *url, int *pssl, char **puser, char **phost, const char *OSSL_HTTP_adapt_proxy(const char *proxy, const char *no_proxy, const char *server, int use_ssl); +void OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines(OSSL_HTTP_REQ_CTX *rctx, + size_t count); # endif /* !defined(OPENSSL_NO_HTTP) */ # ifdef __cplusplus diff --git a/include/openssl/httperr.h b/include/openssl/httperr.h index ee08959203..ae7f00cac0 100644 --- a/include/openssl/httperr.h +++ b/include/openssl/httperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
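Review bot: The new `OSSL_HTTP_DEFAULT_MAX_RESP_HDR_LINES` define in the first include/openssl/http.h hunk (-37,6) has no comment, and the rule that 0 disables the cap appears only in the commit message. The limit bounds how many header lines a server can make the client process, so a reader of the public header should see that contract next to the constant. I would add above it `/* Default cap on response header lines; a limit of 0 means no limit */`. The enforcement code is outside this diff (it is limited to 'include'), so the comment should be checked against the implementation before it is merged.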
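Review bot: In the second include/openssl/http.h hunk (-105,6), `OSSL_HTTP_REQ_CTX_set_max_response_hdr_lines()` is declared after `OSSL_HTTP_adapt_proxy()`, just before `# endif /* !defined(OPENSSL_NO_HTTP) */`, rather than with the `OSSL_HTTP_REQ_CTX_*` declarations under `/* Low-level HTTP API */`. Moving it into that group would keep the request-context setters together and easier to find. The function returns `void`, so a NULL `rctx` cannot be reported to the caller. How the implementation treats NULL is not visible here, so the declaration should carry a short comment stating whether NULL is tolerated.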
@@ -44,6 +44,7 @@ # define HTTP_R_REDIRECTION_NOT_ENABLED 116 # define HTTP_R_RESPONSE_LINE_TOO_LONG 113 # define HTTP_R_RESPONSE_PARSE_ERROR 104 +# define HTTP_R_RESPONSE_TOO_MANY_HDRLINES 130 # define HTTP_R_RETRY_TIMEOUT 129 # define HTTP_R_SERVER_CANCELED_CONNECTION 127 # define HTTP_R_SOCK_NOT_SUPPORTED 122 |