From 1910c5c58090187f77cfefd5cde7c279d658bb85 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Sat, 9 May 2020 18:34:06 +0200
Subject: detect too big header generation

---
 hittpd.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/hittpd.c b/hittpd.c
index 13306fe..7ea8592 100644
--- a/hittpd.c
+++ b/hittpd.c
@@ -299,11 +299,22 @@ send_response(http_parser *p, int status, const char *msg,
 	    now,
 	    extra_headers);
 
-	if (!(status == 204 || status == 304))
+	if (len >= (int)sizeof buf) {
+		send_error(p, 413, "Payload Too Large");
+		return;
+	}
+
+	if (!(status == 204 || status == 304)) {
 		len += snprintf(buf + len, sizeof buf - len,
 		    "Content-Length: %jd\r\n",
 		    content_length(data));
 
+		if (len >= (int)sizeof buf) {
+			send_error(p, 413, "Payload Too Large");
+			return;
+		}
+	}
+
 	len += snprintf(buf + len, sizeof buf - len,
 	    "\r\n"
 	    "%s",
-- 
cgit 1.4.1