Be strict with error 431 header sizes

uNetworkingAB · uNetworkingAB · commit 10f73df63cd4 · 2024-03-10T02:29:45.000+01:00
diff --git a/src/HttpParser.h b/src/HttpParser.h
@@ -461,6 +461,11 @@ struct HttpParser {
             length -= consumed;
             consumedTotal += consumed;
 
+            /* Even if we could parse it, check for length here as well */
+            if (consumed > MAX_FALLBACK_SIZE) {
+                return {HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE, FULLPTR};
+            }
+
             /* Store HTTP version (ancient 1.0 or 1.1) */
             req->ancientHttp = false;
 
