header bomber prevention

This commit is contained in:
user 2025-01-15 16:06:28 -05:00
parent eaecaf7c73
commit dec33b6cb0

View file

@ -16,17 +16,24 @@ type
address* : string
body* : string
proc readAllFromSocket(client : Socket, verb, postBody : var string, headers : var Table[string, string]) =
proc readAllFromSocket(client : Socket, verb, postBody : var string, headers : var Table[string, string], maxSize : int) =
var line : string
client.readLine(line, timeout = 10, maxLength = 200)
var sizeRead = 0
client.readLine(line, timeout = 10, maxLength = 300)
let t1 = getMonoTime()
verb = line
sizeRead+=line.len
while client.hasDataBuffered():
let duration = (t1-getMonoTime()).inMilliseconds()
if duration >= 100:
break
client.readLine(line, timeout = 10, maxLength = 2000)
sizeRead+=line.len
if sizeRead >= maxSize:
return
if line.contains(": "):
let split = line.split(": ")
headers[split[0]] = split[1]
@ -50,7 +57,8 @@ proc respond*(req : Request, code : int, body : string, headers : TableRef[strin
proc dontFilter(a : Request) : bool = true
proc getRequest*(socket : Socket, filter : proc(a : Request) : bool = dontFilter) : Option[Request] =
const defaultMaxRequestSize = 1024*50
proc getRequest*(socket : Socket, filter : proc(a : Request) : bool = dontFilter, maxRequestSizeBytes = defaultMaxRequestSize) : Option[Request] =
var address = ""
var client: Socket
echo "!"
@ -60,7 +68,7 @@ proc getRequest*(socket : Socket, filter : proc(a : Request) : bool = dontFilter
var verbRaw : string
var postBody : string
try:
readAllFromSocket(client, verbRaw, postBody, headers)
readAllFromSocket(client, verbRaw, postBody, headers, maxRequestSizeBytes)
except CatchableError:
discard
let split = verbRaw.split(" ")