From 8fd108c8a7a4fee03f6ec941679332c73c4d28eb Mon Sep 17 00:00:00 2001
From: Craig Drummond <craig.p.drummond@gmail.com>
Date: Sun, 20 Aug 2017 14:09:46 +0100
Subject: [PATCH] Reject HTTP requests that are greater than 32k Issue #1072

---
 http/httpsocket.cpp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/http/httpsocket.cpp b/http/httpsocket.cpp
index 3d889c0fa..ca080ef8e 100644
--- a/http/httpsocket.cpp
+++ b/http/httpsocket.cpp
@@ -40,6 +40,8 @@
 #include <QDebug>
 #define DBUG if (HttpServer::debugEnabled()) qWarning() << "HttpSocket" << __FUNCTION__
 
+static const quint64 constMaxBuffer = 32768;
+
 static QString detectMimeType(const QString &file)
 {
     QString suffix = QFileInfo(file).suffix().toLower();
@@ -229,6 +231,9 @@ void HttpSocket::handleNewConnection()
     while (hasPendingConnections()) {
         QTcpSocket *socket = nextPendingConnection();
 
+        // prevent clients from sending too much data
+        socket->setReadBufferSize(constMaxBuffer);
+
         static const QLatin1String constIpV6Prefix("::ffff:");
 
         QString peer=socket->peerAddress().toString();
@@ -256,6 +261,15 @@ void HttpSocket::readClient()
     }
 
     QTcpSocket *socket = static_cast<QTcpSocket *>(sender());
+
+    if (socket->bytesAvailable() >= constMaxBuffer) {
+        // Request too large, reject
+        sendErrorResponse(socket, 400);
+        socket->close();
+        DBUG << "Request too large";
+        return;
+    }
+
     if (socket->canReadLine()) {
         QList<QByteArray> tokens = split(socket->readLine()); // QRegExp("[ \r\n][ \r\n]*"));
         if (tokens.length()>=2 && "GET"==tokens[0]) {