htparser: Implemented resource limits for response headers as well.

diff --git a/src/htparser.c b/src/htparser.c
index 1ed91754f78f36d62c6de672fb7c1a06a9a3fff8..ba76d01be0fc4e38b5ae7bd4af41e91816e5e961 100644 (file)
--- a/src/htparser.c
+++ b/src/htparser.c
@@ -146,6 +146,8 @@ static struct hthead *parseresp(FILE *in)
            goto fail;
        } else {
            bufadd(ver, c);
+           if(ver.d >= 128)
+               goto fail;
        }
     }
     while(1) {
@@ -156,6 +158,8 @@ static struct hthead *parseresp(FILE *in)
            goto fail;
        } else {
            code = (code * 10) + (c - '0');
+           if(code >= 10000)
+               goto fail;
        }
     }
     while(1) {
@@ -167,6 +171,8 @@ static struct hthead *parseresp(FILE *in)
            goto fail;
        } else {
            bufadd(msg, c);
+           if(msg.d >= 512)
+               goto fail;
        }
     }
     bufadd(msg, 0);