Use escape_default() and limit the buffer size for InvalidHTTPHeader errors when reading requests

3 files changed, 12 insertions, 5 deletions

diff --git a/.bleep b/.bleep
index fc2480c..3ff8501 100644
--- a/.bleep
+++ b/.bleep
@@ -1 +1 @@
-e75c747ab7fdca28b4753529ac05364ad34208b8
\ No newline at end of file
+d2ed77868cbf900541c50e562644d946b55a33fc
\ No newline at end of file
diff --git a/pingora-core/src/protocols/http/v1/client.rs b/pingora-core/src/protocols/http/v1/client.rs
index 4604544..7b12593 100644
--- a/pingora-core/src/protocols/http/v1/client.rs
+++ b/pingora-core/src/protocols/http/v1/client.rs
@@ -291,7 +291,7 @@ impl HttpSession {
                 HeaderParseState::Invalid(e) => {
                     return Error::e_because(
                         InvalidHTTPHeader,
-                        format!("buf: {:?}", String::from_utf8_lossy(&buf)),
+                        format!("buf: {}", String::from_utf8_lossy(&buf).escape_default()),
                         e,
                     );
                 }
diff --git a/pingora-core/src/protocols/http/v1/server.rs b/pingora-core/src/protocols/http/v1/server.rs
index 0b19970..f8783db 100644
--- a/pingora-core/src/protocols/http/v1/server.rs
+++ b/pingora-core/src/protocols/http/v1/server.rs
@@ -110,6 +110,8 @@ impl HttpSession {
     /// Return `Ok(None)` when the client closed the connection without sending any data, which
     /// is common on a reused connection.
     pub async fn read_request(&mut self) -> Result<Option<usize>> {
+        const MAX_ERR_BUF_LEN: usize = 2048;
+
         self.buf.clear();
         let mut buf = BytesMut::with_capacity(INIT_HEADER_BUF_SIZE);
         let mut already_read: usize = 0;
@@ -120,7 +122,7 @@ impl HttpSession {
                 this buffer */
                 return Error::e_explain(
                     InvalidHTTPHeader,
-                    format!("Request header larger than {}", MAX_HEADER_SIZE),
+                    format!("Request header larger than {MAX_HEADER_SIZE}"),
                 );
             }
 
@@ -236,18 +238,23 @@ impl HttpSession {
                                 already_read = buf.len();
                             } else {
                                 debug!("Invalid request header from {:?}", self.underlying_stream);
+                                buf.truncate(MAX_ERR_BUF_LEN);
                                 return Error::e_because(
                                     InvalidHTTPHeader,
-                                    format!("buf: {:?}", String::from_utf8_lossy(&buf)),
+                                    format!(
+                                        "buf: {}",
+                                        String::from_utf8_lossy(&buf).escape_default()
+                                    ),
                                     e,
                                 );
                             }
                         }
                         _ => {
                             debug!("Invalid request header from {:?}", self.underlying_stream);
+                            buf.truncate(MAX_ERR_BUF_LEN);
                             return Error::e_because(
                                 InvalidHTTPHeader,
-                                format!("buf: {:?}", String::from_utf8_lossy(&buf)),
+                                format!("buf: {}", String::from_utf8_lossy(&buf).escape_default()),
                                 e,
                             );
                         }