From: Fredrik Tolf
Date: Sat, 30 Apr 2011 06:45:29 +0000 (+0200)
Subject: Imposed some limits on request parts.
X-Git-Tag: 0.8~5
X-Git-Url: http://www.dolda2000.com/gitweb/?p=ashd.git;a=commitdiff_plain;h=90b0ba0f9d93e454cc08a566b718abdcbfd0d9f6
Imposed some limits on request parts.
---
diff --git a/lib/req.c b/lib/req.c
index a3e7273..da8e3f0 100644
--- a/lib/req.c
+++ b/lib/req.c
@@ -106,12 +106,16 @@ int parseheaders(struct hthead *head, FILE *in)
 {
 int c, state;
 struct charbuf name, val;
+ size_t tsz;
 bufinit(name);
 bufinit(val);
 state = 0;
+ tsz = 0;
 while(1) {
 c = fgetc(in);
+ if(++tsz >= 65536)
+ goto fail;
 again:
 if(state == 0) {
 if(c == '\r') {
diff --git a/src/htparser.c b/src/htparser.c
index 5179a25..1ed9175 100644
--- a/src/htparser.c
+++ b/src/htparser.c
@@ -77,6 +77,8 @@ static struct hthead *parsereq(FILE *in)
 goto fail;
 } else {
 bufadd(method, c);
+ if(method.d >= 128)
+ goto fail;
 }
 }
 while(1) {
@@ -87,6 +89,8 @@ static struct hthead *parsereq(FILE *in)
 goto fail;
 } else {
 bufadd(url, c);
+ if(url.d >= 65536)
+ goto fail;
 }
 }
 while(1) {
@@ -98,6 +102,8 @@ static struct hthead *parsereq(FILE *in)
 goto fail;
 } else {
 bufadd(ver, c);
+ if(ver.d >= 128)
+ goto fail;
 }
 }
 bufadd(method, 0);
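Review bot: The new bound in the read loop of parseheaders, `if(++tsz >= 65536)`, is a bare literal with no comment saying what it limits, and the same number is used again for the URL in src/htparser.c. I would name it once and document it, for example `#define MAXHEADSZ 65536 /* cap on total header bytes read per request, bounds what a client can make us buffer */` (the name is only a suggestion), and test `if(++tsz >= MAXHEADSZ)`. The counter is bumped before `c` is examined, so the read that returns EOF is counted too and the largest accepted header block is 65535 bytes; that is harmless but worth stating in the comment. The `fail` label lies outside this hunk, so it should be confirmed that it releases `name` and `val`, since this new exit can be taken while both are partly filled.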
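Review bot: The length guard after `bufadd(method, c)` in parsereq sends an over-long method to the same `fail` label as a malformed request line, and the guards after `bufadd(url, c)` and `bufadd(ver, c)` in the next two hunks do the same. As far as these hunks show, the caller cannot tell "too long" from "garbage", so an oversized URL presumably gets no 414-style answer and leaves no trace an operator could use to spot oversized-request probing. The code at `fail` is outside the hunks, so whether it can log or distinguish this case needs checking there. The limits 128 and 65536 are also undocumented literals; a comment at the first guard such as `/* bound each request-line part so a client cannot grow the buffer without limit */`, or named constants, would record the intent.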