ilovenoah · ilovenoah · Mar 2, 2024 · Mar 2, 2024 · Mar 2, 2024 · Mar 2, 2024
diff --git a/inc/ClientSocket.hpp b/inc/ClientSocket.hpp
@@ -42,6 +42,7 @@ class ClientSocket {
 		void setLastSendTimestamp(std::time_t const lastSendTimestamp);
 		bool findCRLF();
 		ServerSocket *getServerSocket() const;
+		bool isOverBytesSize(const std::stringstream::pos_type bytes);
 };
 
 #endif
diff --git a/inc/Request.hpp b/inc/Request.hpp
@@ -1,6 +1,8 @@
 #ifndef REQUEST_HPP
 #define REQUEST_HPP
 
+#define REQUEST_HEADER_LIMITATION 1000
+
 #include <limits.h>
 
 #include <map>

diff --git a/inc/Response.hpp b/inc/Response.hpp
@@ -6,6 +6,7 @@
 #define HTTP_VERSION "HTTP/1.1"
 #define STATUS_OK "200"
 #define STATUS_CREATED "201"
+#define RESPONSE_HEADER_LIMITATION 1000
 
 #include <map>
 #include <string>

diff --git a/src/loop/loop.cpp b/src/loop/loop.cpp
@@ -176,7 +176,10 @@ bool loop(std::map<int, ServerSocket> &ssmap, Config &config) {
 				csiter->second->getPhase() == ClientSocket::CLOSE) {
 				continue;
 			}
-			if ((utils::findLF(csiter->second->buffer) ||
+			if (iter->second.getReqphase() != Request::RQBODY && utils::findLF(csiter->second->buffer) == false && csiter->second->isOverBytesSize(1000) == true) {
+				iter->second.init();
+				iter->second.setReqphase(Request::RQFIN);
+			} else if ((utils::findLF(csiter->second->buffer) ||
 				 iter->second.getReqphase() == Request::RQBODY)) {
 				ClientSocket::csphase nextcsphase =
 					iter->second.load(csiter->second->buffer);

diff --git a/src/request/Request.cpp b/src/request/Request.cpp
@@ -147,6 +147,14 @@ ClientSocket::csphase Request::load(std::stringstream &buffer) {
 		case Request::RQLINE: {
 			std::string line;
 			std::getline(buffer, line);
+			if (line.size() > 1000) {
+				this->_method.clear();
+				this->_path.clear();
+				this->_httpVersion.clear();
+				this->_phase = Request::RQFIN;
+				nextcsphase = ClientSocket::RECV;
+				break;
+			}
 			if (line.compare("\r") == 0) {
 				this->_phase = Request::RQLINE;
 				nextcsphase = ClientSocket::RECV;
@@ -177,6 +185,14 @@ ClientSocket::csphase Request::load(std::stringstream &buffer) {
 		case Request::RQHEADER: {
 			std::string line;
 			std::getline(buffer, line);
+			if (line.size() > 1000) {
+				this->_method.clear();
+				this->_path.clear();
+				this->_httpVersion.clear();
+				this->_phase = Request::RQFIN;
+				nextcsphase = ClientSocket::RECV;
+				break;
+			}
 			if (line.compare("\r") == 0) {
 				this->_phase = Request::RQBODY;
 				nextcsphase = ClientSocket::RECV;
@@ -190,6 +206,14 @@ ClientSocket::csphase Request::load(std::stringstream &buffer) {
 				nextcsphase = ClientSocket::RECV;
 				break;
 			}
+			if (this->_header.size() > REQUEST_HEADER_LIMITATION - 1) {
+				this->_method.clear();
+				this->_path.clear();
+				this->_httpVersion.clear();
+				this->_phase = Request::RQFIN;
+				nextcsphase = ClientSocket::RECV;
+				break;
+			}
 			line = utils::rmCR(line);
 			std::stringstream ss(line);
 			std::string key;

diff --git a/src/response/Response.cpp b/src/response/Response.cpp
@@ -458,6 +458,10 @@ void Response::_setCGIResponseHeader(const bool shouldKeepAlive) {
 		std::getline(hss, key, ':');
 		hss >> std::ws;
 		std::getline(hss, value);
+		if (this->_headers.size() > RESPONSE_HEADER_LIMITATION - 1) {
+			this->_headers.clear();
+			return ;
+		}
 		this->_headers.insert(std::pair<std::string, std::string>(key, value));
 	}
 	std::streampos endPos = ss.tellg();
@@ -561,6 +565,14 @@ ClientSocket::csphase Response::_setCGIResponse(Request &request,
 			break;
 		}
 		case CGIHandler::CGISET: {
+			if (this->_cgiHandler.getRbuffer().size() > 1000) {
+				this->_headers.clear();
+				this->_body.clear();
+				this->_setErrorResponse("500", false);
+				this->_cgiHandler.setCGIPhase(CGIHandler::CGIFIN);
+				this->setRawData();
+				break;
+			}
 			this->_setCGIResponseHeader(shouldKeepAlive);
 			this->_setCGIResponseBody();
 			this->_setCGIResponseStatus();

diff --git a/src/sockets/ClientSocket.cpp b/src/sockets/ClientSocket.cpp
@@ -108,4 +108,16 @@ void ClientSocket::setLastSendTimestamp(std::time_t const lastSendTimestamp) {
 
 ServerSocket *ClientSocket::getServerSocket() const {
 	return this->_serverSocket;
+}
+
+bool ClientSocket::isOverBytesSize(const std::stringstream::pos_type bytes) {
+	std::stringstream::pos_type posStart = this->buffer.tellg();
+	this->buffer.seekg(0, std::ios::end);
+	std::stringstream::pos_type posEnd = this->buffer.tellg();
+	if (posEnd - posStart > bytes) {
+		this->buffer.seekg(posStart);
+		return true;
+	}
+	this->buffer.seekg(posStart);
+	return false;
 }
diff --git a/tests/simple_server_function_test/request_file/cgi_invalid_size_of_header.txt b/tests/simple_server_function_test/request_file/cgi_invalid_size_of_header.txt
@@ -0,0 +1,7 @@
+host, localhost
+port, 8080
+
+
+GET /cgi-bin/invalid_size_of_header.py HTTP/1.1
+Host: test
+Connection: close
diff --git a/tests/simple_server_function_test/request_file/cgi_invalid_too_much_long_header_value.txt b/tests/simple_server_function_test/request_file/cgi_invalid_too_much_long_header_value.txt
@@ -0,0 +1,7 @@
+host, localhost
+port, 8080
+
+
+GET /cgi-bin/too_much_long_header_value.py HTTP/1.1
+Host: test
+Connection: close