Fix for "Filename too long" message when HTTP OCSP request received

2 files changed, 39 insertions, 27 deletions

diff --git a/src/Configuration.h b/src/Configuration.h
index 4c2aa8a8..9bc3a6a9 100644
--- a/src/Configuration.h
+++ b/src/Configuration.h
@@ -356,6 +356,14 @@ constexpr size_t FILE_BUFFER_SIZE = 128;
 #define SCANS_DIRECTORY "0:/scans/"					// Directory for uploaded 3D scans
 #define FILAMENTS_DIRECTORY "0:/filaments/"			// Directory for filament configurations
 #define MENU_DIR "0:/menu/"							// Directory for menu files
+
+// MaxExpectedWebDirFilenameLength is the maximum length of a filename that we can accept in a HTTP request without rejecting it out of hand
+// It must be at least as long as any web file request from DWC, which is the file path excluding the initial "0:/www" and the trailing ".gz, possibly with "/" prepended.
+// As at 2020-05-02 the longest filename requested by DWC is "/fonts/materialdesignicons-webfont.3e2c1c79.eot" which is 48 characters long
+// It must be small enough that a filename within this length doesn't cause an overflow in MassStorage::CombineName. This is checked by the static_assert below.
+constexpr size_t MaxExpectedWebDirFilenameLength = MaxFilenameLength - 20;
+static_assert(MaxExpectedWebDirFilenameLength + strlen(WEB_DIR) + strlen(".gz") <= MaxFilenameLength);
+
 #define UPLOAD_EXTENSION ".part"					// Extension to a filename for a file being uploaded
 
 #define CONFIG_FILE "config.g"
diff --git a/src/Networking/HttpResponder.cpp b/src/Networking/HttpResponder.cpp
index 21dba593..a7b2da23 100644
--- a/src/Networking/HttpResponder.cpp
+++ b/src/Networking/HttpResponder.cpp
@@ -731,40 +731,44 @@ void HttpResponder::SendFile(const char* nameOfFileToSend, bool isWebFile)
 			nameOfFileToSend = INDEX_PAGE_FILE;
 		}
 
-		for (;;)
+		// OCSP requests can be very log and are generated by Kapersky AV. Reject them immediately to avoid "Filename too long" messages.
+		if (strlen(nameOfFileToSend) <= MaxExpectedWebDirFilenameLength)
 		{
-			// Try to open a gzipped version of the file first
-			if (!StringEndsWithIgnoreCase(nameOfFileToSend, ".gz") && strlen(nameOfFileToSend) + 3 <= MaxFilenameLength)
+			for (;;)
 			{
-				String<MaxFilenameLength> nameBuf;
-				nameBuf.copy(nameOfFileToSend);
-				nameBuf.cat(".gz");
-				fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameBuf.c_str(), OpenMode::read);
+				// Try to open a gzipped version of the file first
+				if (!StringEndsWithIgnoreCase(nameOfFileToSend, ".gz") && strlen(nameOfFileToSend) + 3 <= MaxFilenameLength)
+				{
+					String<MaxFilenameLength> nameBuf;
+					nameBuf.copy(nameOfFileToSend);
+					nameBuf.cat(".gz");
+					fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameBuf.c_str(), OpenMode::read);
+					if (fileToSend != nullptr)
+					{
+						zip = true;
+						break;
+					}
+				}
+
+				// That failed, so try to open the normal version of the file
+				fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameOfFileToSend, OpenMode::read);
 				if (fileToSend != nullptr)
 				{
-					zip = true;
 					break;
 				}
-			}
 
-			// That failed, so try to open the normal version of the file
-			fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameOfFileToSend, OpenMode::read);
-			if (fileToSend != nullptr)
-			{
-				break;
-			}
-
-			if (StringEqualsIgnoreCase(nameOfFileToSend, INDEX_PAGE_FILE))
-			{
-				nameOfFileToSend = OLD_INDEX_PAGE_FILE;			// the index file wasn't found, so try the old one
-			}
-			else if (!strchr(nameOfFileToSend, '.'))			// if we were asked to return a file without a '.' in the name, return the index page
-			{
-				nameOfFileToSend = INDEX_PAGE_FILE;
-			}
-			else
-			{
-				break;
+				if (StringEqualsIgnoreCase(nameOfFileToSend, INDEX_PAGE_FILE))
+				{
+					nameOfFileToSend = OLD_INDEX_PAGE_FILE;			// the index file wasn't found, so try the old one
+				}
+				else if (!strchr(nameOfFileToSend, '.'))			// if we were asked to return a file without a '.' in the name, return the index page
+				{
+					nameOfFileToSend = INDEX_PAGE_FILE;
+				}
+				else
+				{
+					break;
+				}
 			}
 		}