Enhance error handling for HTTP/2 file size, validate mmap cache entries, improve WebSocket connection handling, enforce maximum URI length, and limit WebSocket payload size.

2025-11-02 12:22:12 +01:00
parent 636b221d62
commit 01874b0e5a
4 changed files with 71 additions and 6 deletions
--- a/src/http2.c
+++ b/src/http2.c
@@ -233,6 +233,19 @@ static int on_frame_recv_callback(nghttp2_session *session,
                    break;
                }

+                if (st.st_size < 0 || st.st_size > 0x7FFFFFFFFFFFFFFF)
+                {
+                    close(fd);
+                    log_event("HTTP/2: File size out of bounds");
+                    
+                    // Send 500 error
+                    nghttp2_nv hdrs[] = {
+                        {(uint8_t *)":status", (uint8_t *)"500", 7, 3, NGHTTP2_NV_FLAG_NONE},
+                        {(uint8_t *)"content-type", (uint8_t *)"text/plain", 12, 10, NGHTTP2_NV_FLAG_NONE}};
+                    nghttp2_submit_response(session, frame->hd.stream_id, hdrs, 2, NULL);
+                    break;
+                }
+
                // Get MIME type
                char *mime_type = get_mime_type(filepath);
                if (!mime_type)