File 110-headerlimit.diff of Package tinyproxy

Overview Repositories Revisions Requests Users Attributes Meta

File 110-headerlimit.diff of Package tinyproxy

References: https://banu.com/bugzilla/show_bug.cgi?id=110
References: http://bugzilla.novell.com/776506

@@ -, +, @@ 
 prevent DoS
---
 src/reqs.c |   17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
--- a/src/reqs.c	
+++ a/src/reqs.c	
@@ -611,12 +611,19 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
 }
 
 /*
+ * define max number of headers.
+ * big enough to handle legitimate cases, but limited to avoid DoS
+ */
+#define MAX_HEADERS 10000
+
+/*
  * Read all the headers from the stream
  */
 static int get_all_headers (int fd, hashmap_t hashofheaders)
 {
         char *line = NULL;
         char *header = NULL;
+        int count;
         char *tmp;
         ssize_t linelen;
         ssize_t len = 0;
@@ -625,7 +632,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
         assert (fd >= 0);
         assert (hashofheaders != NULL);
 
-        for (;;) {
+        for (count = 0; count < MAX_HEADERS; count++) {
                 if ((linelen = readline (fd, &line)) <= 0) {
                         safefree (header);
                         safefree (line);
@@ -691,6 +698,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
 
                 safefree (line);
         }
+
+        /*
+         * if we get there, this is we reached MAX_HEADERS count
+         * bail out with error
+         */
+        safefree (header);
+        safefree (line);
+        return -1;
 }
 
 /*
--

Places

File 110-headerlimit.diff of Package tinyproxy

Places