author | Matthew Holt <mholt@users.noreply.github.com> | 2023-09-26 07:32:46 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2023-09-26 07:32:46 -0600 |
commit | 58ab3a01a0d4b5f9e8bff56f623ceb906ff603b9 (patch) | |
tree | 575493d531b10d91325e3dbc7c05953fe573100f | |
parent | a306c5f769d876adf1f93d350c8a523b2c3fe760 (diff) |
caddyhttp: Use LimitedReader for HTTPRedirectListener
-rw-r--r-- | modules/caddyhttp/httpredirectlistener.go | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/modules/caddyhttp/httpredirectlistener.go b/modules/caddyhttp/httpredirectlistener.go
index 3ff79ff..082dc7c 100644
--- a/modules/caddyhttp/httpredirectlistener.go
+++ b/modules/caddyhttp/httpredirectlistener.go
@@ -17,6 +17,7 @@ package caddyhttp
 import (
 "bufio"
 "fmt"
+ "io"
 "net"
 "net/http"
 "sync"
@@ -42,7 +43,11 @@ func init() {
 //
 // This listener wrapper must be placed BEFORE the "tls" listener
 // wrapper, for it to work properly.
-type HTTPRedirectListenerWrapper struct{}
+type HTTPRedirectListenerWrapper struct {
+ // MaxHeaderBytes is the maximum size to parse from a client's
+ // HTTP request headers. Default: 1 MB
+ MaxHeaderBytes int64 `json:"max_header_bytes,omitempty"`
+}
 
 func (HTTPRedirectListenerWrapper) CaddyModule() caddy.ModuleInfo {
 return caddy.ModuleInfo{
@@ -56,7 +61,7 @@ func (h *HTTPRedirectListenerWrapper) UnmarshalCaddyfile(d *caddyfile.Dispenser)
 }
 
 func (h *HTTPRedirectListenerWrapper) WrapListener(l net.Listener) net.Listener {
- return &httpRedirectListener{l}
+ return &httpRedirectListener{l, h.MaxHeaderBytes}
 }
 
 // httpRedirectListener is listener that checks the first few bytes
@@ -64,6 +69,7 @@ func (h *HTTPRedirectListenerWrapper) WrapListener(l net.Listener) net.Listener
 // to respond to an HTTP request with a redirect.
 type httpRedirectListener struct {
 net.Listener
+ maxHeaderBytes int64
 }
 
 // Accept waits for and returns the next connection to the listener,
@@ -74,9 +80,14 @@ func (l *httpRedirectListener) Accept() (net.Conn, error) {
 return nil, err
 }
 
+ maxHeaderBytes := l.maxHeaderBytes
+ if maxHeaderBytes == 0 {
+ maxHeaderBytes = 1024 * 1024
+ }
+
 return &httpRedirectConn{
 Conn: c,
- r: bufio.NewReader(c),
+ r: bufio.NewReader(io.LimitReader(c, maxHeaderBytes)),
 }, nil
 }
 
|
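Review bot: A negative `MaxHeaderBytes` is not rejected anywhere in this change: the field is a signed `int64`, and the default in Accept (last hunk) is applied only when the value is exactly 0. `io.LimitReader` with a non-positive limit returns EOF on the first read, so a negative value in the JSON config would make every accepted connection on this listener fail; applying the default with `if maxHeaderBytes <= 0 {`, or rejecting negatives when the config is loaded, would close that. The field comment should also state the zero-value behaviour and the exact size, e.g. `// HTTP request headers. Zero selects the default of 1 MiB (1024 * 1024 bytes).`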
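Review bot: The unkeyed literal `&httpRedirectListener{l, h.MaxHeaderBytes}` in WrapListener depends on field order and breaks as soon as the struct gains or reorders a field; `&httpRedirectListener{Listener: l, maxHeaderBytes: h.MaxHeaderBytes}` is stable and easier to read. UnmarshalCaddyfile appears only as hunk context and is not changed here, so the new limit is presumably settable only through JSON config; if that is intended, the field documentation should say so.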
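Review bot: In Accept, the `io.LimitReader` wraps the only reader the connection is given, so the limit appears to apply to everything read through `r` for the life of the connection rather than to the request headers alone. httpRedirectConn's Read method is outside this hunk, but if it also serves non-HTTP (TLS) traffic from `r`, any client that sends more than `maxHeaderBytes` in total, such as a large upload or a long-lived connection, would get EOF once the budget is spent. Consider keeping `r: bufio.NewReader(c)`, storing the limit on httpRedirectConn, and applying `io.LimitReader` only around the read that parses the plaintext HTTP request; that still bounds how much an unauthenticated client can make the server buffer. A test that pushes more than the limit through a TLS connection behind this wrapper would catch the regression.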