http.c: Give HTTP error response when received lines are too long.

Added a check when we receive a HTTP request line or header line that is
too long.  We now return an error response to the sender because we are
not able to process the request.

Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d

main/http.c

@@ -1772,6 +1772,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
 
 	remaining_headers = MAX_HTTP_REQUEST_HEADERS;
 	for (;;) {
+		size_t len;
 		char *name;
 		char *value;
 
@@ -1779,6 +1780,13 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
 			ast_http_error(ser, 400, "Bad Request", "Timeout");
 			return -1;
 		}
+		len = strlen(header_line);
+		if (!len || header_line[len - 1] != '\n') {
+			/* We didn't get a full line */
+			ast_http_error(ser, 400, "Bad Request",
+				(len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
+			return -1;
+		}
 
 		/* Trim trailing characters */
 		ast_trim_blanks(header_line);
@@ -1847,6 +1855,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
 	struct http_worker_private_data *request;
 	enum ast_http_method http_method = AST_HTTP_UNKNOWN;
 	int res;
+	size_t len;
 	char request_line[MAX_HTTP_LINE_LENGTH];
 
 	if (!fgets(request_line, sizeof(request_line), ser->f)) {
@@ -1857,6 +1866,14 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
 	request = ser->private_data;
 	http_request_tracking_init(request);
 
+	len = strlen(request_line);
+	if (!len || request_line[len - 1] != '\n') {
+		/* We didn't get a full line */
+		ast_http_error(ser, 400, "Bad Request",
+			(len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
+		return -1;
+	}
+
 	/* Get method */
 	method = ast_skip_blanks(request_line);
 	uri = ast_skip_nonblanks(method);