From d19c461e6114df8b7dae94f42586d6c77a885e51 Mon Sep 17 00:00:00 2001
From: Simon Cruanes <simon.cruanes.2007@m4x.org>
Date: Mon, 9 Feb 2026 04:11:46 +0000
Subject: [PATCH] test: add test for header size limit enforcement

---
 tests/unit/dune         |  2 +-
 tests/unit/t_headers.ml | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 tests/unit/t_headers.ml

diff --git a/tests/unit/dune b/tests/unit/dune
index bb3c8960..73ebe283 100644
--- a/tests/unit/dune
+++ b/tests/unit/dune
@@ -1,4 +1,4 @@
 (tests
- (names t_util t_buf t_server t_io t_response)
+ (names t_util t_buf t_server t_io t_response t_headers)
  (package tiny_httpd)
  (libraries tiny_httpd.core qcheck-core qcheck-core.runner test_util))
diff --git a/tests/unit/t_headers.ml b/tests/unit/t_headers.ml
new file mode 100644
index 00000000..7ef6bf3d
--- /dev/null
+++ b/tests/unit/t_headers.ml
@@ -0,0 +1,25 @@
+open Test_util
+open Tiny_httpd_core
+
+(* Test that header size limits are enforced *)
+let test_header_too_large () =
+  (* Create a header that's larger than 16KB *)
+  let large_value = String.make 20000 'x' in
+  let q =
+    "GET / HTTP/1.1\r\n\
+     Host: example.com\r\n\
+     X-Large: " ^ large_value ^ "\r\n\
+     \r\n"
+  in
+  let str = IO.Input.of_string q in
+  let client_addr = Unix.(ADDR_INET (inet_addr_loopback, 1024)) in
+  let buf = Buf.create () in
+  try
+    let _ = Request.Private_.parse_req_start_exn ~client_addr ~buf
+      ~get_time_s:(fun _ -> 0.) str in
+    failwith "should have failed with 431"
+  with Common_.Bad_req (431, _) ->
+    () (* expected *)
+
+let () =
+  test_header_too_large ()