Mercurial > hg > nginx

diff src/http/v3/ngx_http_v3_parse.c @ 8454:032cb35ce758 quic

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
HTTP/3: http3_max_field_size directive to limit string size. Client streams may send literal strings which are now limited in size by the new directive. The default value is 4096. The directive is similar to HTTP/2 directive http2_max_field_size.
author Roman Arutyunyan <arut@nginx.com>
date Mon, 29 Jun 2020 15:56:14 +0300
parents 5649079a41f4
children b0e81f49d7c0
line wrap: on
line diff
--- a/src/http/v3/ngx_http_v3_parse.c
+++ b/src/http/v3/ngx_http_v3_parse.c
@@ -399,7 +399,8 @@ ngx_int_t
 ngx_http_v3_parse_literal(ngx_connection_t *c, ngx_http_v3_parse_literal_t *st,
     u_char ch)
 {
-    ngx_uint_t  n;
+    ngx_uint_t               n;
+    ngx_http_v3_srv_conf_t  *v3cf;
     enum {
         sw_start = 0,
         sw_value
@@ -415,6 +416,14 @@ ngx_http_v3_parse_literal(ngx_connection
 
         n = st->length;
 
+        v3cf = ngx_http_v3_get_module_srv_conf(c, ngx_http_v3_module);
+
+        if (n > v3cf->max_field_size) {
+            ngx_log_error(NGX_LOG_ERR, c->log, 0,
+                          "client exceeded http3_max_field_size limit");
+            return NGX_ERROR;
+        }
+
         if (st->huffman) {
             n = n * 8 / 5;
             st->huffstate = 0;