Added extra header validation by checking size incrementally during processing

Author: hsbt

lib/net/http/header.rb

@@ -181,11 +181,19 @@
 module Net::HTTPHeader
   MAX_KEY_LENGTH = 1024
   MAX_FIELD_LENGTH = 65536
+  MAX_HEADER_LENGTH = 1024 * 1024 # 1 MiB
 
   def initialize_http_header(initheader) #:nodoc:
     @header = {}
     return unless initheader
+
+    total_header_size = 0
     initheader.each do |key, value|
+      total_header_size += (key.to_s.bytesize + (value ? value.to_s.bytesize : 0))
+      if total_header_size > MAX_HEADER_LENGTH
+        raise ArgumentError, "headers too large (#{total_header_size} bytes exceeds #{MAX_HEADER_LENGTH} bytes limit)"
+      end
+
       warn "net/http: duplicated HTTP header: #{key}", uplevel: 3 if key?(key) and $VERBOSE
       if value.nil?
         warn "net/http: nil HTTP header: #{key}", uplevel: 3 if $VERBOSE

test/net/http/test_httpheader.rb

@@ -40,6 +40,20 @@ def test_initialize_with_symbol
     assert_equal "abc", @c["foo"]
   end
 
+  def test_initialize_with_max_header_length_exceeded
+    field_value = 'x' * (Net::HTTPHeader::MAX_FIELD_LENGTH - 100)
+    num_headers = (Net::HTTPHeader::MAX_HEADER_LENGTH / Net::HTTPHeader::MAX_FIELD_LENGTH) + 2
+
+    large_headers = {}
+    num_headers.times do |i|
+      large_headers["Header#{i}"] = field_value
+    end
+
+    assert_raise(ArgumentError) do
+      @c.initialize_http_header(large_headers)
+    end
+  end
+
   def test_size
     assert_equal 0, @c.size
     @c['a'] = 'a'