header bomber prevention
parent
eaecaf7c73
commit
dec33b6cb0
1 changed files with 12 additions and 4 deletions
|
@ -16,17 +16,24 @@ type
|
|||
address* : string
|
||||
body* : string
|
||||
|
||||
proc readAllFromSocket(client : Socket, verb, postBody : var string, headers : var Table[string, string]) =
|
||||
proc readAllFromSocket(client : Socket, verb, postBody : var string, headers : var Table[string, string], maxSize : int) =
|
||||
var line : string
|
||||
client.readLine(line, timeout = 10, maxLength = 200)
|
||||
var sizeRead = 0
|
||||
client.readLine(line, timeout = 10, maxLength = 300)
|
||||
let t1 = getMonoTime()
|
||||
verb = line
|
||||
sizeRead+=line.len
|
||||
while client.hasDataBuffered():
|
||||
let duration = (t1-getMonoTime()).inMilliseconds()
|
||||
if duration >= 100:
|
||||
break
|
||||
client.readLine(line, timeout = 10, maxLength = 2000)
|
||||
|
||||
sizeRead+=line.len
|
||||
|
||||
if sizeRead >= maxSize:
|
||||
return
|
||||
|
||||
if line.contains(": "):
|
||||
let split = line.split(": ")
|
||||
headers[split[0]] = split[1]
|
||||
|
@ -50,7 +57,8 @@ proc respond*(req : Request, code : int, body : string, headers : TableRef[strin
|
|||
|
||||
proc dontFilter(a : Request) : bool = true
|
||||
|
||||
proc getRequest*(socket : Socket, filter : proc(a : Request) : bool = dontFilter) : Option[Request] =
|
||||
const defaultMaxRequestSize = 1024*50
|
||||
proc getRequest*(socket : Socket, filter : proc(a : Request) : bool = dontFilter, maxRequestSizeBytes = defaultMaxRequestSize) : Option[Request] =
|
||||
var address = ""
|
||||
var client: Socket
|
||||
echo "!"
|
||||
|
@ -60,7 +68,7 @@ proc getRequest*(socket : Socket, filter : proc(a : Request) : bool = dontFilter
|
|||
var verbRaw : string
|
||||
var postBody : string
|
||||
try:
|
||||
readAllFromSocket(client, verbRaw, postBody, headers)
|
||||
readAllFromSocket(client, verbRaw, postBody, headers, maxRequestSizeBytes)
|
||||
except CatchableError:
|
||||
discard
|
||||
let split = verbRaw.split(" ")
|
||||
|
|
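Review bot: When `sizeRead >= maxSize` is hit in readAllFromSocket, the bare `return` looks the same to the caller as a normal end of headers, so getRequest goes on to `verbRaw.split(" ")` with a truncated header table instead of rejecting the request. Headers that a filter or handler relies on may be among the ones dropped, so the limit should fail closed: `raise newException(ValueError, "request exceeds maxSize")` in place of `return`, and in getRequest `except CatchableError: return none(Request)` rather than `discard` (getRequest's body continues outside the hunk, so confirm nothing later already rejects such a request). Separately, `(t1-getMonoTime())` in the loop is never positive, so `duration >= 100` cannot fire and the time bound on header reading is not effective; `(getMonoTime()-t1)` is presumably what was meant.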