BB#110 limit the number of headers per request to prevent DoS

Based on a patch provided by gpernot@praksys.org on bugzilla.

Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam 2013-03-15 13:10:01 +01:00
parent 308305d827
commit 545463c75d


@ -596,6 +596,13 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
return hashmap_insert (hashofheaders, header, sep, len); return hashmap_insert (hashofheaders, header, sep, len);
} }
/*
* Define maximum number of headers that we accept.
* This should be big enough to handle legitimate cases,
* but limited to avoid DoS.
*/
#define MAX_HEADERS 10000
/* /*
* Read all the headers from the stream * Read all the headers from the stream
*/ */
@ -603,6 +610,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
{ {
char *line = NULL; char *line = NULL;
char *header = NULL; char *header = NULL;
int count;
char *tmp; char *tmp;
ssize_t linelen; ssize_t linelen;
ssize_t len = 0; ssize_t len = 0;
@ -611,7 +619,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
assert (fd >= 0); assert (fd >= 0);
assert (hashofheaders != NULL); assert (hashofheaders != NULL);
for (;;) { for (count = 0; count < MAX_HEADERS; count++) {
if ((linelen = readline (fd, &line)) <= 0) { if ((linelen = readline (fd, &line)) <= 0) {
safefree (header); safefree (header);
safefree (line); safefree (line);
@ -677,6 +685,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
safefree (line); safefree (line);
} }
/*
* If we get here, this means we reached MAX_HEADERS count.
* Bail out with error.
*/
safefree (header);
safefree (line);
return -1;
} }
/* /*