BB#110 limit the number of headers per request to prevent DoS

Based on patch provided by gpernot@praksys.org on bugzilla.

Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 545463c75d)
This commit is contained in:
Michael Adam 2013-03-15 13:10:01 +01:00
parent 8845bdbff7
commit c348513095

View File

@ -596,6 +596,13 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
return hashmap_insert (hashofheaders, header, sep, len);
}
/*
* Define maximum number of headers that we accept.
* This should be big enough to handle legitimate cases,
* but limited to avoid DoS.
*/
#define MAX_HEADERS 10000
/*
* Read all the headers from the stream
*/
@ -603,6 +610,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
{
char *line = NULL;
char *header = NULL;
int count;
char *tmp;
ssize_t linelen;
ssize_t len = 0;
@ -611,7 +619,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
assert (fd >= 0);
assert (hashofheaders != NULL);
for (;;) {
for (count = 0; count < MAX_HEADERS; count++) {
if ((linelen = readline (fd, &line)) <= 0) {
safefree (header);
safefree (line);
@ -677,6 +685,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
safefree (line);
}
/*
* If we get here, this means we reached MAX_HEADERS count.
* Bail out with error.
*/
safefree (header);
safefree (line);
return -1;
}
/*