From 8c03a1cb66412ba184c221192c8ac32f4865c262 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen <leah@vuxu.org>
Date: Fri, 8 May 2020 20:01:35 +0200
Subject: send_dir_redirect: increase response buffer, detect truncation

Thanks @duncaen.
---
 hittpd.c | 65 ++++++++++++++++++++++++++++++++++------------------------------
 1 file changed, 35 insertions(+), 30 deletions(-)

diff --git a/hittpd.c b/hittpd.c
index c4a9f91..1cc12c0 100644
--- a/hittpd.c
+++ b/hittpd.c
@@ -233,7 +233,7 @@ accesslog(http_parser *p, int status)
 }
 
 void
-send_dir_redirect(http_parser *p)
+send_error(http_parser *p, int status, const char *msg)
 {
 	struct conn_data *data = p->data;
 	char buf[512];
@@ -241,6 +241,35 @@ send_dir_redirect(http_parser *p)
 	char now[64];
 	httpdate(time(0), now);
 
+	int len = snprintf(buf, sizeof buf,
+	    "HTTP/%d.%d %d %s\r\n"
+	    "Content-Length: %ld\r\n"
+	    "Date: %s\r\n"
+	    "\r\n",
+	    p->http_major,
+	    p->http_minor,
+	    status, msg,
+	    (data->last = 4 + strlen(msg) + 2),
+	    now);
+
+	if (p->method != HTTP_HEAD)
+		len += snprintf(buf + len, sizeof buf - len,
+		    "%03d %s\r\n",
+		    status, msg);
+
+	write(data->fd, buf, len);
+	accesslog(p, status);
+}
+
+void
+send_dir_redirect(http_parser *p)
+{
+	struct conn_data *data = p->data;
+	char buf[2048];
+
+	char now[64];
+	httpdate(time(0), now);
+
 	int len = snprintf(buf, sizeof buf,
 	    "HTTP/1.%d 301 Moved Permanently\r\n"
 	    "Content-Length: 0\r\n"
@@ -251,6 +280,11 @@ send_dir_redirect(http_parser *p)
 	    now,
 	    data->path);
 
+	if (len >= (int)sizeof buf) {
+		send_error(p, 413, "Payload Too Large");
+		return;
+	}
+
 	// XXX include redirect link?
 
 	data->last = data->first = 0;
@@ -282,35 +316,6 @@ send_not_modified(http_parser *p, time_t modified)
 	accesslog(p, 304);
 }
 
-void
-send_error(http_parser *p, int status, const char *msg)
-{
-	struct conn_data *data = p->data;
-	char buf[512];
-
-	char now[64];
-	httpdate(time(0), now);
-
-	int len = snprintf(buf, sizeof buf,
-	    "HTTP/%d.%d %d %s\r\n"
-	    "Content-Length: %ld\r\n"
-	    "Date: %s\r\n"
-	    "\r\n",
-	    p->http_major,
-	    p->http_minor,
-	    status, msg,
-	    (data->last = 4 + strlen(msg) + 2),
-	    now);
-
-	if (p->method != HTTP_HEAD)
-		len += snprintf(buf + len, sizeof buf - len,
-		    "%03d %s\r\n",
-		    status, msg);
-
-	write(data->fd, buf, len);
-	accesslog(p, status);
-}
-
 void
 send_rns(http_parser *p, off_t filesize)
 {
-- 
cgit 1.4.1