mirrors/cpp-httplib
1
0
Fork 0
mirror of https://github.com/yhirose/cpp-httplib.git synced 2025-05-10 01:33:53 +00:00
Code Issues Projects Releases Wiki Activity

Fix check for URI length to prevent incorrect HTTP 414 errors (#2046)

Browse Source
This commit is contained in:
Brett Profitt 2025-02-10 21:46:38 -05:00 committed by GitHub
parent b397c768e4
commit a268d65c4f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
httplib.h
View File

@ -7234,14 +7234,6 @@ Server::process_request(Stream &strm, const std::string &remote_addr,
#endif
#endif
// Check if the request URI doesn't exceed the limit
if (line_reader.size() > CPPHTTPLIB_REQUEST_URI_MAX_LENGTH) {
Headers dummy;
detail::read_headers(strm, dummy);
res.status = StatusCode::UriTooLong_414;
return write_response(strm, close_connection, req, res);
}
// Request line and headers
if (!parse_request_line(line_reader.ptr(), req) ||
!detail::read_headers(strm, req.headers)) {
@ -7249,6 +7241,14 @@ Server::process_request(Stream &strm, const std::string &remote_addr,
return write_response(strm, close_connection, req, res);
}
// Check if the request URI doesn't exceed the limit
if (req.target.size() > CPPHTTPLIB_REQUEST_URI_MAX_LENGTH) {
Headers dummy;
detail::read_headers(strm, dummy);
res.status = StatusCode::UriTooLong_414;
return write_response(strm, close_connection, req, res);
}
if (req.get_header_value("Connection") == "close") {
connection_closed = true;
}

13
test/test.cc
View File

@ -3541,7 +3541,7 @@ TEST_F(ServerTest, LongRequest) {
TEST_F(ServerTest, TooLongRequest) {
std::string request;
for (size_t i = 0; i < 545; i++) {
for (size_t i = 0; i < 546; i++) {
request += "/TooLongRequest";
}
request += "_NG";
@ -3552,6 +3552,17 @@ TEST_F(ServerTest, TooLongRequest) {
EXPECT_EQ(StatusCode::UriTooLong_414, res->status);
}
TEST_F(ServerTest, AlmostTooLongRequest) {
// test for #2046 - URI length check shouldn't include other content on req line
// URI is max URI length, minus 14 other chars in req line (GET, space, leading /, space, HTTP/1.1)
std::string request = "/" + string(CPPHTTPLIB_REQUEST_URI_MAX_LENGTH - 14, 'A');
auto res = cli_.Get(request.c_str());
ASSERT_TRUE(res);
EXPECT_EQ(StatusCode::NotFound_404, res->status);
}
TEST_F(ServerTest, LongHeader) {
Request req;
req.method = "GET";