From b62f990bf22261fe38aaba88fa4f646169431a34 Mon Sep 17 00:00:00 2001
From: yggverse <yggverse@project>
Date: Wed, 19 Mar 2025 03:12:43 +0200
Subject: [PATCH] fix codes, validate header len

---
 src/client/connection/response/certificate.rs       | 10 +++++++---
 src/client/connection/response/certificate/error.rs | 10 +++++++++-
 2 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/client/connection/response/certificate.rs b/src/client/connection/response/certificate.rs
index e9f76c7..d78c133 100644
--- a/src/client/connection/response/certificate.rs
+++ b/src/client/connection/response/certificate.rs
@@ -1,9 +1,9 @@
 pub mod error;
 pub use error::Error;
 
-const REQUIRED: (u8, &str) = (10, "Certificate required");
-const NOT_AUTHORIZED: (u8, &str) = (11, "Certificate not authorized");
-const NOT_VALID: (u8, &str) = (11, "Certificate not valid");
+const REQUIRED: (u8, &str) = (60, "Certificate required");
+const NOT_AUTHORIZED: (u8, &str) = (61, "Certificate not authorized");
+const NOT_VALID: (u8, &str) = (62, "Certificate not valid");
 
 /// 6* status code group
 /// https://geminiprotocol.net/docs/protocol-specification.gmi#client-certificates
@@ -85,6 +85,10 @@ impl std::fmt::Display for Certificate {
 impl std::str::FromStr for Certificate {
     type Err = Error;
     fn from_str(header: &str) -> Result<Self, Self::Err> {
+        let len = header.len();
+        if len > super::HEADER_LEN {
+            return Err(Error::HeaderLen(len));
+        }
         if let Some(postfix) = header.strip_prefix("60") {
             return Ok(Self::Required {
                 header: header.to_string(),
diff --git a/src/client/connection/response/certificate/error.rs b/src/client/connection/response/certificate/error.rs
index 5cf1cf6..62f17d1 100644
--- a/src/client/connection/response/certificate/error.rs
+++ b/src/client/connection/response/certificate/error.rs
@@ -6,6 +6,7 @@ use std::{
 #[derive(Debug)]
 pub enum Error {
     Code,
+    HeaderLen(usize),
     Utf8Error(Utf8Error),
 }
 
@@ -13,7 +14,14 @@ impl Display for Error {
     fn fmt(&self, f: &mut Formatter) -> Result {
         match self {
             Self::Code => {
-                write!(f, "Status code error")
+                write!(f, "Unexpected status code")
+            }
+            Self::HeaderLen(l) => {
+                write!(
+                    f,
+                    "Header length reached protocol limit ({l} of {} bytes max)",
+                    super::super::HEADER_LEN
+                )
             }
             Self::Utf8Error(e) => {
                 write!(f, "UTF-8 error: {e}")