diff options
author | Michael Adam <obnox@samba.org> | 2013-03-15 13:10:01 +0100 |
---|---|---|
committer | Michael Adam <obnox@samba.org> | 2014-12-13 01:28:07 +0100 |
commit | 545463c75d7f6ce5830f1ea98b030c935df729bf (patch) | |
tree | e1d0fe78e3486b8e308b598f73f5309809e72f06 | |
parent | 308305d82754087f856abd8725b6930ea0676cd7 (diff) | |
download | tinyproxy-545463c75d7f6ce5830f1ea98b030c935df729bf.tar.gz tinyproxy-545463c75d7f6ce5830f1ea98b030c935df729bf.zip |
BB#110 limit the number of headers per request to prevent DoS
Based on patch provided by gpernot@praksys.org on bugzilla.
Signed-off-by: Michael Adam <obnox@samba.org>
-rw-r--r-- | src/reqs.c | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -597,12 +597,20 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len) } /* + * Define maximum number of headers that we accept. + * This should be big enough to handle legitimate cases, + * but limited to avoid DoS. + */ +#define MAX_HEADERS 10000 + +/* * Read all the headers from the stream */ static int get_all_headers (int fd, hashmap_t hashofheaders) { char *line = NULL; char *header = NULL; + int count; char *tmp; ssize_t linelen; ssize_t len = 0; @@ -611,7 +619,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) assert (fd >= 0); assert (hashofheaders != NULL); - for (;;) { + for (count = 0; count < MAX_HEADERS; count++) { if ((linelen = readline (fd, &line)) <= 0) { safefree (header); safefree (line); @@ -677,6 +685,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders) safefree (line); } + + /* + * If we get here, this means we reached MAX_HEADERS count. + * Bail out with error. + */ + safefree (header); + safefree (line); + return -1; } /* |