From: rs <> Date: Mon, 22 Dec 2025 03:14:47 +0000 (-0600) Subject: Fix request reception bugs X-Git-Url: https://git.the-white-hart.net/?a=commitdiff_plain;h=a33712be902c581254cedd379ffd8f923bed890e;p=gemini%2Fcbs-server.git Fix request reception bugs * Reject requests longer than 1024 bytes, as per standard * Prevent slow-loris-style timeouts
---
diff --git a/cbs-srv.py b/cbs-srv.py
index cb7b6f0..1940529 100755
--- a/cbs-srv.py
+++ b/cbs-srv.py
@@ -13,6 +13,7 @@ import mimetypes
 import logging
 import yaml
+import time
 logging.basicConfig(level=logging.INFO)
 mimetypes.add_type('text/gemini', '.gmi')
@@ -33,20 +34,26 @@ class CBSException(Exception):
 self.logdata = logdata
-def recv_req(conn: SSL.Connection, timeout=.1):
+def recv_req(conn: SSL.Connection, timeout=.5):
 data = b''
+ start = time.time()
 while True:
+ # This prevents "slow loris" types of timeouts
+ if time.time() > start + timeout:
+ raise CBSException(59, 'Timeout while waiting for URL')
 ready = select.select([conn], [], [], timeout)
 if ready[0]:
- data += conn.recv(4096)
+ data += conn.recv(1024)
 if b'\r\n' in data:
 lines = data.splitlines()
 if len(lines) > 1:
- logging.warning('Discarding data after URL line of request: {}'.format(data))
+ logging.warning(f'Discarding data after URL line of request: {data}')
+ if len(lines[0]) > 1024:
+ raise CBSException(59, 'URL too long', lines[0])
 try:
 req = lines[0].decode('ascii')
 except UnicodeDecodeError:
- raise CBSException(59, 'Non-ascii URL', data)
+ raise CBSException(59, 'Non-ascii URL', lines[0])
 return req
 else:
 raise CBSException(59, 'Timeout while waiting for URL')
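Review bot: The 1024-byte cap in recv_req is only evaluated inside `if b'\r\n' in data:`, so a client that never sends CRLF keeps `data += conn.recv(1024)` growing until the deadline fires; rejecting right after the recv, e.g. `if b'\r\n' not in data and len(data) > 1025: raise CBSException(59, 'URL too long')`, bounds the buffer regardless of timing. The deadline uses `time.time()`, which follows wall-clock adjustments; `time.monotonic()` is the safer base, and passing the remaining time to `select.select` instead of the full `timeout` would keep the total wait at `timeout` rather than up to roughly twice that. If the connection is a blocking socket (not visible in this hunk), `conn.recv` can presumably still stall on a partial TLS record after select reports readiness, so the slow-loris guard is worth confirming against the socket mode. The new `logging.warning` also runs before the length check, so oversized input is logged in full before it is rejected.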