nghttpx: Drop connection if client hello is too large

8410f684 · Tatsuhiro Tsujikawa · ff44e211 · 8410f684
Commit 8410f684 authored Aug 10, 2015 by Tatsuhiro Tsujikawa
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

src/shrpx_connection.cc src/shrpx_connection.cc +9 -0

No files found.
--- a/src/shrpx_connection.cc
+++ b/src/shrpx_connection.cc
@@ -306,6 +306,15 @@ int Connection::tls_handshake() {
  // We have limited space for read buffer, so stop reading if it
  // filled up.
  if (tls.rb->wleft() == 0) {
+    if (tls.handshake_state != TLS_CONN_WRITE_STARTED) {
+      // Reading 16KiB before writing server hello is unlikely for
+      // ordinary client.
+      if (LOG_ENABLED(INFO)) {
+        LOG(INFO) << "tls: client hello is too large";
+      }
+      return -1;
+    }
+
    rlimit.stopw();
    ev_timer_stop(loop, &rt);
  }