diff --git a/src/main/java/org/redkale/net/http/HttpRequest.java b/src/main/java/org/redkale/net/http/HttpRequest.java
index 7ce9385a5..a3e40fd62 100644
--- a/src/main/java/org/redkale/net/http/HttpRequest.java
+++ b/src/main/java/org/redkale/net/http/HttpRequest.java
@@ -374,6 +374,14 @@ public class HttpRequest extends Request {
 this.headers.setAll(httpLast.headers);
 } else if (context.lazyHeader && getmethod) { // 非GET必须要读header,会有Content-Length
 int rs = loadHeaderBytes(buffer);
+ if (rs >= 0 && this.headerLength > context.getMaxHeader()) {
+ context.getLogger()
+ .log(
+ Level.WARNING,
+ "http header.length must lower " + context.getMaxHeader() + ", but "
+ + this.headerLength + ", path: " + requestPath);
+ return -1;
+ }
 if (rs != 0) {
 buffer.clear();
 return rs;
@@ -382,6 +390,14 @@ public class HttpRequest extends Request {
 } else {
 int startpos = buffer.position();
 int rs = readHeaderLines(buffer, bytes);
+ if (rs >= 0 && this.headerLength > context.getMaxHeader()) {
+ context.getLogger()
+ .log(
+ Level.WARNING,
+ "http header.length must lower " + context.getMaxHeader() + ", but "
+ + this.headerLength + ", path: " + requestPath);
+ return -1;
+ }
 if (rs != 0) {
 this.headerHalfLen = bytes.length();
 buffer.clear();
@@ -392,9 +408,6 @@ public class HttpRequest extends Request {
 this.headerHalfLen = this.headerLength;
 }
 bytes.clear();
- if (this.headerLength > context.getMaxHeader()) {
- return -1;
- }
 if (this.contentType != null && this.contentType.contains("boundary=")) {
 this.boundary = true;
 }
@@ -412,6 +425,11 @@ public class HttpRequest extends Request {
 }
 if (this.contentLength > 0 && (this.contentType == null || !this.boundary)) {
 if (this.contentLength > context.getMaxBody()) {
+ context.getLogger()
+ .log(
+ Level.WARNING,
+ "http body.length must lower " + context.getMaxBody() + ", but "
+ + this.contentLength + ", path: " + requestPath);
 return -1;
 }
 bytes.put(buffer, Math.min((int) this.contentLength, buffer.remaining()));
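Review bot: The new WARNING messages append `requestPath` unmodified, both in the header-limit check after `loadHeaderBytes` and in the same check after `readHeaderLines`, the body-limit check and the missing content-length branch, and any unauthenticated client can reach all four. If the path is already URL-decoded at this point, which the hunk does not show, embedded CR/LF could forge extra log lines, and an arbitrarily long path is copied into the log on every rejected request. Assuming `requestPath` is a String, I would neutralise it before logging, e.g. `String safePath = requestPath == null ? "" : requestPath.replaceAll("[\\r\\n]", "_");`, cap its length, and consider rate-limiting these warnings so rejected requests cannot flood the log. The enclosing method starts and ends outside the hunk.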
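Review bot: The guard added before `if (rs != 0)` in the `readHeaderLines` branch depends on `this.headerLength`, but the context line `this.headerHalfLen = bytes.length();` suggests partial header data is tracked through `bytes`, and the hunk does not show whether `headerLength` is updated while the header is still incomplete. If it is only set once the header has been read in full, an unterminated header keeps growing `bytes` and this check fires no earlier than the one it replaces. Consider bounding the accumulated size in the incomplete branch as well, e.g. `if (bytes.length() > context.getMaxHeader()) return -1;` inside `if (rs != 0)`. The same eight-line check is duplicated in the `loadHeaderBytes` branch, so a small private helper would keep the two in sync. The method body continues outside the hunk.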
@@ -436,6 +454,7 @@ public class HttpRequest extends Request {
 } else if (!getmethod && this.contentLength < 0 && keepAlive) {
 // keep-alive=true: Content-Length和chunk必然是二选一。
 // keep-alive=false: Content-Length可有可无.
+ context.getLogger().log(Level.WARNING, "http not found content-length or chunk, path: " + requestPath);
 return -1;
 }
 }
diff --git a/src/main/java/org/redkale/net/sncp/SncpRequest.java b/src/main/java/org/redkale/net/sncp/SncpRequest.java
index 677f938e4..a9e9ca69f 100644
--- a/src/main/java/org/redkale/net/sncp/SncpRequest.java
+++ b/src/main/java/org/redkale/net/sncp/SncpRequest.java
@@ -82,7 +82,7 @@ public class SncpRequest extends Request {
 context.getLogger()
 .log(
 Level.WARNING,
- "sncp buffer header.length must more " + SncpHeader.HEADER_SUBSIZE + ", but "
+ "sncp header.length must more " + SncpHeader.HEADER_SUBSIZE + ", but "
 + this.headerSize);
 return -1;
 }
@@ -90,8 +90,7 @@ public class SncpRequest extends Request {
 context.getLogger()
 .log(
 Level.WARNING,
- "sncp buffer header.length must lower " + context.getMaxHeader() + ", but "
- + this.headerSize);
+ "sncp header.length must lower " + context.getMaxHeader() + ", but " + this.headerSize);
 return -1;
 }
 this.readState = READ_STATE_HEADER;
@@ -116,14 +115,14 @@ public class SncpRequest extends Request {
 halfArray.clear();
 }
 if (this.header.getRetcode() != 0) { // retcode
- context.getLogger().log(Level.WARNING, "sncp buffer header.retcode not 0");
+ context.getLogger().log(Level.WARNING, "sncp header.retcode not 0");
 return -1;
 }
 if (this.header.getBodyLength() > context.getMaxBody()) {
 context.getLogger()
 .log(
 Level.WARNING,
- "sncp buffer body.length must lower " + context.getMaxBody() + ", but "
+ "sncp body.length must lower " + context.getMaxBody() + ", but "
 + this.header.getBodyLength());
 return -1;
 }