From d2a42123bf866c5095e1d67d274c8d87d10e685e Mon Sep 17 00:00:00 2001
From: Andrew Ryrie
Date: Mon, 4 May 2026 13:20:34 +0100
Subject: [PATCH 1/1] gemini responses: Fix unbounded header length

This could have led to a crash from resource exhaustion when pointed at a malicious or non-Gemini server which streamed a large amount of data with no CRLF in place of the normal response line.
---
 src/gmrequest.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/gmrequest.c b/src/gmrequest.c
index 9b9d2659..72270f88 100644
--- a/src/gmrequest.c
+++ b/src/gmrequest.c
@@ -267,6 +267,13 @@ static int processIncomingData_GmRequest_(iGmRequest *d, const iBlock *data) {
 checkServerCertificate_GmRequest_(d);
 iRelease(metaPattern);
 }
+ else if (size_String(&resp->meta) > 2048) {
+ /* The Gemini "tech overview" caps at 1024 bytes; use 2048 for generosity */
+ clear_String(&resp->meta);
+ resp->statusCode = invalidHeader_GmStatusCode;
+ d->state = finished_GmRequestState;
+ notifyDone = iTrue;
+ }
 }
 else if (d->state == receivingBody_GmRequestState) {
 append_Block(&resp->body, data);
-- 
2.34.1
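Review bot: The new 2048-byte cap in processIncomingData_GmRequest_ is only reached through the `else if`, that is, when the preceding branch (whose condition is outside the hunk) did not accept the buffered header, so an oversized response line that does arrive with its CRLF is presumably still parsed; if the meta pattern does not itself bound the length, the size check should run before the match rather than as its fallback. The branch also sets `d->state = finished_GmRequestState` without any visible close of the connection, so it is worth confirming that the code after the hunk stops reading from a server that keeps streaming. As a smaller point, the bare `2048` would read better as a named constant, for example `enum { maxHeaderSize_GmRequest_ = 2048 };`, with the explanatory comment moved onto that definition. The function begins and ends outside the hunk.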