webrick/httprequest: limit request headers size

We use the same 112 KB limit started (AFAIK) by Mongrel, Thin,
and Puma to prevent malicious users from using up all the memory
with a single request.  This also limits the damage done by
excessive ranges in multipart Range: requests.

Due to the way we rely on IO#gets and the desire to keep
the code simple, the actual maximum header may be 4093 bytes
larger than 112 KB, but we're splitting hairs at that point.

* lib/webrick/httprequest.rb: define MAX_HEADER_LENGTH
  (read_header): raise when headers exceed max length

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@62960 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

1 files changed, 17 insertions, 0 deletions

diff --git a/test/webrick/test_httpserver.rb b/test/webrick/test_httpserver.rb
index 5ae105dabe..acb15791ad 100644
--- a/test/webrick/test_httpserver.rb
+++ b/test/webrick/test_httpserver.rb
@@ -441,4 +441,21 @@ class TestWEBrickHTTPServer < Test::Unit::TestCase
     s&.shutdown
     th&.join
   end
+
+  def test_gigantic_request_header
+    log_tester = lambda {|log, access_log|
+      assert_equal 1, log.size
+      assert log[0].include?('ERROR headers too large')
+    }
+    TestWEBrick.start_httpserver({}, log_tester){|server, addr, port, log|
+      server.mount('/', WEBrick::HTTPServlet::FileHandler, __FILE__)
+      TCPSocket.open(addr, port) do |c|
+        c.write("GET / HTTP/1.0\r\n")
+        junk = -"X-Junk: #{' ' * 1024}\r\n"
+        assert_raise(Errno::ECONNRESET, Errno::EPIPE) do
+          loop { c.write(junk) }
+        end
+      end
+    }
+  end
 end