loudapet / 42webserv

This project is about writing one's own HTTP server

Protect against infinite send() #12

Open loudapet opened 1 month ago

loudapet commented 1 month ago

Two possible cases:

  1. User-Agent keeps sending /r/n/r/n infinitely

Proposed solution: configure a max amount of CRLF (carriage return - line feed) sequences that we skip (I propose 100); if there are more, just throw an error. It's more or less up to us, as the RFC says the following:

In the interest of robustness, a server that is expecting to receive and parse a request-line SHOULD ignore at least one empty line (CRLF) received prior to the request-line.

  2. User-Agent keeps sending everything but the ending sequence infinitely, no /r/n/r/n ever appears

Proposed solution: configure max length of the field section (and max_body_size too) - since we should support start-line of at least 8000 octets, it should definitely be larger than this value, but not too large; 100 kB should be enough?
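The two limits proposed in this comment, as an added example that is not part of the original issue or the 42webserv code: it bounds the empty lines skipped before the request-line and the bytes accepted before the terminating CRLF CRLF. The function, enum and constant names are hypothetical; the values 100 and 100 kB are the ones proposed above.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical names; the values are the numbers proposed in the issue.
static const std::size_t MAX_LEADING_CRLF = 100;           // case 1: empty lines skipped
static const std::size_t MAX_HEADER_SECTION = 100 * 1024;  // case 2: start-line + fields

enum HeaderStatus { HEADER_COMPLETE, HEADER_INCOMPLETE, HEADER_TOO_MANY_CRLF, HEADER_TOO_LARGE };

// buf holds every byte received so far on one connection; call again after each recv().
// On HEADER_COMPLETE, [start, end) spans the request-line through the final CRLFCRLF.
HeaderStatus checkHeaderSection(const std::string &buf, std::size_t &start, std::size_t &end)
{
    std::size_t pos = 0;
    std::size_t skipped = 0;
    // Case 1: tolerate empty lines before the request-line, but only a bounded number.
    while (buf.compare(pos, 2, "\r\n") == 0) {
        if (++skipped > MAX_LEADING_CRLF)
            return HEADER_TOO_MANY_CRLF;
        pos += 2;
    }
    // Case 2: the terminator must show up within MAX_HEADER_SECTION bytes.
    // Searching from pos keeps the skipped empty lines from matching as a terminator.
    std::size_t term = buf.find("\r\n\r\n", pos);
    std::size_t used = (term == std::string::npos ? buf.size() : term + 4) - pos;
    if (used > MAX_HEADER_SECTION)
        return HEADER_TOO_LARGE;   // reject even if the terminator arrived in one large read
    if (term == std::string::npos)
        return HEADER_INCOMPLETE;  // within budget: keep the connection and read more
    start = pos;
    end = term + 4;
    return HEADER_COMPLETE;
}

int main()
{
    // Constructed sample: two stray empty lines, then a minimal request.
    std::string req = "\r\n\r\nGET / HTTP/1.1\r\nHost: example.test\r\n\r\n";
    std::size_t start = 0, end = 0;
    HeaderStatus st = checkHeaderSection(req, start, end);
    std::cout << "status=" << st << " start=" << start << " end=" << end << std::endl;
    return 0;
}
```

Because the check runs over the whole accumulated buffer, both counters survive across reads; a caller that discards skipped bytes between reads would have to carry the counts itself.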

loudapet commented 1 week ago

414 URI Too Long

andreaulicna commented 1 week ago

Closed by 3b1eb80aa999bc6b2262b7360d700cb1344c8507

https://github.com/loudapet/42webserv/issues/44#issuecomment-2196331234

hasValidHeaderEnd checks for the buffer being longer than CLIENT_MESSAGE_BUFF * 2 (without finding the valid header end) and throws 413 if so