From 0f0f01ddf69b156a0e7f1ffc62325d1f61c5f17b Mon Sep 17 00:00:00 2001
From: Darien Raymond
Date: Mon, 19 Dec 2016 12:16:57 +0100
Subject: [PATCH] return error when header too long
---
 transport/internet/headers/http/http.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/transport/internet/headers/http/http.go b/transport/internet/headers/http/http.go
index abf12a0b..6f54ba8f 100644
--- a/transport/internet/headers/http/http.go
+++ b/transport/internet/headers/http/http.go
@@ -2,6 +2,7 @@ package http
 import (
 "bytes"
+ "errors"
 "io"
 "net"
 "net/http"
@@ -17,11 +18,13 @@ const (
 CRLF = "\r\n"
 ENDING = CRLF + CRLF
+ // max length of HTTP header. Safety precaution for DDoS attack.
 maxHeaderLength = 8192
 )
 var (
- writeCRLF = serial.WriteString(CRLF)
+ ErrHeaderToLong = errors.New("Header too long.")
+ writeCRLF = serial.WriteString(CRLF)
 )
 type Reader interface {
@@ -50,6 +53,7 @@ type HeaderReader struct {
 func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
 buffer := buf.NewSmall()
 totalBytes := 0
+ endingDetected := false
 for totalBytes < maxHeaderLength {
 err := buffer.AppendSupplier(buf.ReadFrom(reader))
 if err != nil {
@@ -57,6 +61,7 @@ func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
 }
 if n := bytes.Index(buffer.Bytes(), []byte(ENDING)); n != -1 {
 buffer.SliceFrom(n + len(ENDING))
+ endingDetected = true
 break
 }
 if buffer.Len() >= len(ENDING) {
@@ -71,6 +76,10 @@ func (*HeaderReader) Read(reader io.Reader) (*buf.Buffer, error) {
 buffer.Release()
 return nil, nil
 }
+ if !endingDetected {
+ buffer.Release()
+ return nil, ErrHeaderToLong
+ }
 return buffer, nil
 }
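Review bot: The new exported sentinel in the `var (` block is misspelled, `ErrHeaderToLong` instead of `ErrHeaderTooLong`. Because it is exported, callers will begin matching on the typo, so it is cheapest to rename now, together with its use in the last hunk. The message also departs from Go convention for error strings (lowercase, no trailing punctuation); `ErrHeaderTooLong = errors.New("header too long")` composes better when the error is wrapped. The sentinel has no doc comment; `// ErrHeaderTooLong is returned by HeaderReader.Read when no header terminator is found within maxHeaderLength bytes.` would tell callers when to expect it. The `const (` block opens outside this hunk.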
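Review bot: The added `if !endingDetected` check is reached only after the earlier branch that ends in `return nil, nil`. If that branch can be taken when the loop stops at `maxHeaderLength` without having seen `ENDING`, the caller receives no error for an over-long header. The condition guarding that branch lies outside the hunk, so this path may be unreachable today, but placing the `!endingDetected` block directly after the loop would make the limit hold regardless of what follows. `Read` now has three outcomes (a buffer, `nil, nil`, and `nil, ErrHeaderToLong`), and a doc comment such as `// Read returns ErrHeaderToLong if the header terminator is not seen within maxHeaderLength bytes.` would tell callers to treat that error as a rejected request.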