]> www.dolda2000.com Git - ashd.git/commitdiff
Dolda2000 GitWeb / ashd.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: aa7e440)
Imposed some limits on request parts.
authorFredrik Tolf <fredrik@dolda2000.com>
Sat, 30 Apr 2011 06:45:29 +0000 (08:45 +0200)
committerFredrik Tolf <fredrik@dolda2000.com>
Sat, 30 Apr 2011 06:45:29 +0000 (08:45 +0200)
lib/req.c patch | blob | blame | history
src/htparser.c patch | blob | blame | history

diff --git a/lib/req.c b/lib/req.c
index a3e727390948601f8300e63cda1e7a20c7e4e346..da8e3f0d8ffb463082a314762f4e1635bc2bc809 100644 (file)
--- a/lib/req.c
+++ b/lib/req.c
@@ -106,12 +106,16 @@ int parseheaders(struct hthead *head, FILE *in)
 {
     int c, state;
     struct charbuf name, val;
+    size_t tsz;
     
     bufinit(name);
     bufinit(val);
     state = 0;
+    tsz = 0;
     while(1) {
        c = fgetc(in);
+       if(++tsz >= 65536)
+           goto fail;
     again:
        if(state == 0) {
            if(c == '\r') {
diff --git a/src/htparser.c b/src/htparser.c
index 5179a25935a0e9f328e771edf8b159f32c988a42..1ed91754f78f36d62c6de672fb7c1a06a9a3fff8 100644 (file)
--- a/src/htparser.c
+++ b/src/htparser.c
@@ -77,6 +77,8 @@ static struct hthead *parsereq(FILE *in)
            goto fail;
        } else {
            bufadd(method, c);
+           if(method.d >= 128)
+               goto fail;
        }
     }
     while(1) {
@@ -87,6 +89,8 @@ static struct hthead *parsereq(FILE *in)
            goto fail;
        } else {
            bufadd(url, c);
+           if(url.d >= 65536)
+               goto fail;
        }
     }
     while(1) {
@@ -98,6 +102,8 @@ static struct hthead *parsereq(FILE *in)
            goto fail;
        } else {
            bufadd(ver, c);
+           if(ver.d >= 128)
+               goto fail;
        }
     }
     bufadd(method, 0);
A Sane HTTP Daemon