From 0b79cd174fa38e6267986054f87c0f2c3446396d Mon Sep 17 00:00:00 2001
From: jprjr <jprpr@tilde.club>
Date: Sat, 16 May 2020 13:58:33 +0000
Subject: [PATCH] enforce a maximum header line length

---
 av98.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/av98.py b/av98.py
index ed56684..31aec44 100755
--- a/av98.py
+++ b/av98.py
@@ -334,9 +334,14 @@ you'll be able to transparently follow links to Gopherspace!""")
                 address, f = None, open(gi.path, "rb")
             else:
                 address, f = self._send_request(gi)
-            # Read response header
-            header = f.readline()
-            header = header.decode("UTF-8").strip()
+
+            # Spec dictates <META> should not exceed 1024 bytes
+            # but does not dictate a total maximum header length.
+            header = f.readline(2048)
+            header = header.decode("UTF-8")
+            if header[-1] != '\n':
+                raise RuntimeError("Received invalid header from server!")
+            header = header.strip()
             self._debug("Response header: %s." % header)
 
         # Catch network errors which may happen on initial connection