From 10f73df63cd484a97c0f289a5acd96537f4e3937 Mon Sep 17 00:00:00 2001
From: Alex Hultman
Date: Sun, 10 Mar 2024 02:29:45 +0100
Subject: [PATCH] Be strict with error 431 header sizes
---
 src/HttpParser.h | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/HttpParser.h b/src/HttpParser.h
index 64d5951b0..02126ed13 100644
--- a/src/HttpParser.h
+++ b/src/HttpParser.h
@@ -461,6 +461,11 @@ struct HttpParser {
 length -= consumed;
 consumedTotal += consumed;
+ /* Even if we could parse it, check for length here as well */
+ if (consumed > MAX_FALLBACK_SIZE) {
+ return {HTTP_ERROR_431_REQUEST_HEADER_FIELDS_TOO_LARGE, FULLPTR};
+ }
+
 /* Store HTTP version (ancient 1.0 or 1.1) */
 req->ancientHttp = false;
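Review bot: The comment added above the `consumed > MAX_FALLBACK_SIZE` check does not say which invariant it protects, and the hunk gives no way to confirm that the `>` boundary matches the size at which the fallback-buffer path rejects a request. Judging by the commit subject, the intent is presumably that the request head is capped at MAX_FALLBACK_SIZE whether it arrives in a single read or is reassembled through the fallback buffer; I would state that, e.g. `/* Enforce the same header size limit on the direct path as on the fallback path, so the 431 limit does not depend on how the request was segmented */`. It is also worth confirming that `consumed` covers only the request line and headers at this point, and adding a regression test with a single-read request whose head is exactly at the limit and one byte over it. The enclosing function starts and ends outside the hunk.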