Define MAX_URL_LENGTH and limit header parsing iterations

Added a macro `MAX_URL_LENGTH` set to 8000 to prevent overly long URLs. Updated the loop conditions in `parse_http_packet` and header parsing to include iteration limits, enhancing input validation and preventing potential buffer overflows.
SeriousSamV · Oct 31, 2024 · 45a3e9a · 45a3e9a
1 parent 7a3ae74
commit 45a3e9a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/src/tiny_http/tiny_http_server_lib.c b/src/tiny_http/tiny_http_server_lib.c
@@ -55,7 +55,7 @@ http_request *parse_http_request(const uint8_t *const http_packet, const size_t
     printf("request method: %d", request->method);
 #endif
 
-    for (; ptr < http_packet_len; ptr++) {
+    for (int iter_cnt = 0; ptr < http_packet_len || iter_cnt < MAX_URL_LENGTH; ptr++, iter_cnt++) {
         if (http_packet[ptr] == ' ') {
             request->url = strndup((char *) &http_packet[start_uri], ptr - start_uri);
             ptr++;
@@ -106,7 +106,7 @@ http_request *parse_http_request(const uint8_t *const http_packet, const size_t
         http_header *header = calloc(1, sizeof(http_header));
         const size_t header_name_start_ptr = ptr;
         size_t header_name_len = 0;
-        for (; ptr < http_packet_len; ptr++) {
+        for (int iter_cnt = 0; ptr < http_packet_len || iter_cnt < 8; ptr++, iter_cnt++) {
             if (http_packet[ptr] == ' ') {
                 header_name_len = ptr - header_name_start_ptr;
                 break;

diff --git a/src/tiny_http/tiny_http_server_lib.h b/src/tiny_http/tiny_http_server_lib.h
@@ -7,6 +7,8 @@
 #include <stdint.h>
 #include <stddef.h>
 
+#define MAX_URL_LENGTH 8000
+
 typedef enum http_version {
     HTTP_1_0 = 1,
 } http_version;