fixed bug in Mojo::Headers where max_line_size was not checked correctly

mojolicious · Jan 10, 2015 · 5676ba4 · 5676ba4
1 parent f72acd3
commit 5676ba4
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 5 deletions.
diff --git a/Changes b/Changes
@@ -4,6 +4,7 @@
     [foo="bar" i] to Mojo::DOM::CSS.
   - Improved Mojo::Reactor::EV to update the current time before starting a
     timer.
+  - Fixed bug in Mojo::Headers where max_line_size was not checked correctly.
   - Fixed whitespace bug in Mojo::DOM::CSS.
 
 5.71  2015-01-01

diff --git a/lib/Mojo/Headers.pm b/lib/Mojo/Headers.pm
@@ -90,7 +90,7 @@ sub parse {
     my $line = $1;
 
     # Check line size limit
-    if ($+[0] > $max) {
+    if (($self->{size} += $+[0]) > $max) {
       @$self{qw(state limit)} = ('finished', 1);
       return $self;
     }
@@ -110,7 +110,8 @@ sub parse {
   }
 
   # Check line size limit
-  @$self{qw(state limit)} = ('finished', 1) if length $self->{buffer} > $max;
+  @$self{qw(state limit)} = ('finished', 1)
+    if (($self->{size} ||= 0) + length $self->{buffer}) > $max;
 
   return $self;
 }
@@ -181,8 +182,8 @@ L<Mojo::Headers> implements the following attributes.
   my $size = $headers->max_line_size;
   $headers = $headers->max_line_size(1024);
 
-Maximum header line size in bytes, defaults to the value of the
-C<MOJO_MAX_LINE_SIZE> environment variable or C<10240> (10KB).
+Maximum size of all header lines combined in bytes, defaults to the value of
+the C<MOJO_MAX_LINE_SIZE> environment variable or C<10240> (10KB).
 
 =head1 METHODS
 
@@ -429,7 +430,7 @@ Check if header parser is finished.
 
   my $bool = $headers->is_limit_exceeded;
 
-Check if a header has exceeded C<max_line_size>.
+Check if a header has exceeded L</"max_line_size">.
 
 =head2 last_modified
 

diff --git a/t/mojo/request.t b/t/mojo/request.t
@@ -73,6 +73,23 @@ is $req->version,     '1.1', 'right version';
 is $req->url,         '/', 'right URL';
 is $req->body,        'a=b; ' x 131072, 'right content';
 
+# Parse HTTP 1.1 message with headers combined exceeding line limit
+$req = Mojo::Message::Request->new;
+is $req->headers->max_line_size, 10240, 'right size';
+$req->parse("GET / HTTP/1.1\x0d\x0a");
+$req->parse("Foo: @{['a' x 3413]}\x0d\x0a");
+ok !$req->is_limit_exceeded, 'limit is not exceeded';
+$req->parse("Bar: @{['b' x 3413]}\x0d\x0a");
+ok !$req->is_limit_exceeded, 'limit is not exceeded';
+$req->parse("Baz: @{['c' x 3413]}\x0d\x0a\x0d\x0a");
+ok $req->is_finished, 'request is finished';
+is $req->error->{message}, 'Maximum line size exceeded', 'right error';
+is $req->error->{advice}, 431, 'right advice';
+ok $req->is_limit_exceeded, 'limit is exceeded';
+is $req->method,            'GET', 'right method';
+is $req->version,           '1.1', 'right version';
+is $req->url,               '/', 'right URL';
+
 # Parse broken start line
 $req = Mojo::Message::Request->new;
 $req->parse("12345\x0d\x0a");