Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-misc/curl/files/curl-8.1.0-header-length.patch
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/curl/files/curl-8.1.0-header-length.patch')
-rw-r--r--net-misc/curl/files/curl-8.1.0-header-length.patch86
1 files changed, 86 insertions, 0 deletions
diff --git a/net-misc/curl/files/curl-8.1.0-header-length.patch b/net-misc/curl/files/curl-8.1.0-header-length.patch
new file mode 100644
index 000000000000..6229fd817f2a
--- /dev/null
+++ b/net-misc/curl/files/curl-8.1.0-header-length.patch
@@ -0,0 +1,86 @@
+https://github.com/curl/curl/commit/77c9a9845bbee66f3aff158b8452dc8cd963cbd5.patch
+From: =?UTF-8?q?Emilio=20Cobos=20=C3=81lvarez?= <emilio@crisal.io>
+Date: Thu, 18 May 2023 18:22:57 +0200
+Subject: [PATCH] http2: double http request parser max line length
+
+This works around #11138, by doubling the limit, and should be a
+relatively safe fix.
+
+Ideally the buffer would grow as needed and there would be no need for a
+limit? But that might be follow-up material.
+
+Fixes #11138
+Closes #11139
+---
+ lib/http1.h | 2 ++
+ lib/http2.c | 2 +-
+ lib/vquic/curl_msh3.c | 2 +-
+ lib/vquic/curl_ngtcp2.c | 2 +-
+ lib/vquic/curl_quiche.c | 2 +-
+ 5 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lib/http1.h b/lib/http1.h
+index c2d107587a6f8..8acb9db401a95 100644
+--- a/lib/http1.h
++++ b/lib/http1.h
+@@ -33,6 +33,8 @@
+ #define H1_PARSE_OPT_NONE (0)
+ #define H1_PARSE_OPT_STRICT (1 << 0)
+
++#define H1_PARSE_DEFAULT_MAX_LINE_LEN (8 * 1024)
++
+ struct h1_req_parser {
+ struct http_req *req;
+ struct bufq scratch;
+diff --git a/lib/http2.c b/lib/http2.c
+index 47e6f71393156..4e3b182b8d815 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -1860,7 +1860,7 @@ static ssize_t h2_submit(struct stream_ctx **pstream,
+ nghttp2_priority_spec pri_spec;
+ ssize_t nwritten;
+
+- Curl_h1_req_parse_init(&h1, (4*1024));
++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+ Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+
+ *err = http2_data_setup(cf, data, &stream);
+diff --git a/lib/vquic/curl_msh3.c b/lib/vquic/curl_msh3.c
+index 40e89379fc402..173886739b6dc 100644
+--- a/lib/vquic/curl_msh3.c
++++ b/lib/vquic/curl_msh3.c
+@@ -575,7 +575,7 @@ static ssize_t cf_msh3_send(struct Curl_cfilter *cf, struct Curl_easy *data,
+
+ CF_DATA_SAVE(save, cf, data);
+
+- Curl_h1_req_parse_init(&h1, (4*1024));
++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+ Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+
+ /* Sizes must match for cast below to work" */
+diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
+index 05f960afdffa1..7794f148c6ec9 100644
+--- a/lib/vquic/curl_ngtcp2.c
++++ b/lib/vquic/curl_ngtcp2.c
+@@ -1550,7 +1550,7 @@ static ssize_t h3_stream_open(struct Curl_cfilter *cf,
+ nghttp3_data_reader reader;
+ nghttp3_data_reader *preader = NULL;
+
+- Curl_h1_req_parse_init(&h1, (4*1024));
++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+ Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+
+ *err = h3_data_setup(cf, data);
+diff --git a/lib/vquic/curl_quiche.c b/lib/vquic/curl_quiche.c
+index 392b9beb83c59..c63e8e10a22e0 100644
+--- a/lib/vquic/curl_quiche.c
++++ b/lib/vquic/curl_quiche.c
+@@ -913,7 +913,7 @@ static ssize_t h3_open_stream(struct Curl_cfilter *cf,
+ DEBUGASSERT(stream);
+ }
+
+- Curl_h1_req_parse_init(&h1, (4*1024));
++ Curl_h1_req_parse_init(&h1, H1_PARSE_DEFAULT_MAX_LINE_LEN);
+ Curl_dynhds_init(&h2_headers, 0, DYN_HTTP_REQUEST);
+
+ DEBUGASSERT(stream);