commit cbd1ff48e902243864a1eda8a1d737fc034ef04b
parent 3769ddebc60a7d40ad2e8446626db8bb2af6bcf6
Author: solderpunk <solderpunk@sdf.org>
Date: Sat, 16 May 2020 12:54:00 -0400
Merge pull request 'Limit server header response length' (#9) from jprjr/AV-98:header-limit into master
Diffstat:
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/av98.py b/av98.py
@@ -334,9 +334,14 @@ you'll be able to transparently follow links to Gopherspace!""")
address, f = None, open(gi.path, "rb")
else:
address, f = self._send_request(gi)
- # Read response header
- header = f.readline()
- header = header.decode("UTF-8").strip()
+
+ # Spec dictates <META> should not exceed 1024 bytes
+ # but does not dictate a total maximum header length.
+ header = f.readline(2048)
+ header = header.decode("UTF-8")
+ if header[-1] != '\n':
+ raise RuntimeError("Received invalid header from server!")
+ header = header.strip()
self._debug("Response header: %s." % header)
# Catch network errors which may happen on initial connection
@@ -361,7 +366,7 @@ Slow internet connection? Use 'set timeout' to be more patient.""")
# Validate header
status, meta = header.split(maxsplit=1)
- if len(header) > 1024 or len(status) != 2 or not status.isnumeric():
+ if len(meta) > 1024 or len(status) != 2 or not status.isnumeric():
print("ERROR: Received invalid header from server!")
f.close()
return
