authorMichael Adam <obnox@samba.org>2013-03-15 13:10:01 +0100
committerMichael Adam <obnox@samba.org>2014-12-13 01:28:07 +0100
commit545463c75d7f6ce5830f1ea98b030c935df729bf (patch)
treee1d0fe78e3486b8e308b598f73f5309809e72f06
parent308305d82754087f856abd8725b6930ea0676cd7 (diff)
downloadtinyproxy-545463c75d7f6ce5830f1ea98b030c935df729bf.tar.gz
tinyproxy-545463c75d7f6ce5830f1ea98b030c935df729bf.zip
BB#110 limit the number of headers per request to prevent DoS
Based on patch provided by gpernot@praksys.org on bugzilla. Signed-off-by: Michael Adam <obnox@samba.org>
-rw-r--r--src/reqs.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/reqs.c b/src/reqs.c
index 6a4b365..10ada84 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -597,12 +597,20 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
}
/*
+ * Define maximum number of headers that we accept.
+ * This should be big enough to handle legitimate cases,
+ * but limited to avoid DoS.
+ */
+#define MAX_HEADERS 10000
+
+/*
* Read all the headers from the stream
*/
static int get_all_headers (int fd, hashmap_t hashofheaders)
{
char *line = NULL;
char *header = NULL;
+ int count;
char *tmp;
ssize_t linelen;
ssize_t len = 0;
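Review bot: The comment on `MAX_HEADERS` does not say what is being counted, and the cap is on loop iterations rather than bytes. In the following hunk `count` advances once per `readline ()` call, so folded continuation lines (and presumably the terminating blank line) count toward the 10000, while the length of each line and the total header memory are not bounded by anything visible in this change. I would extend the comment to something like `/* Upper bound on header lines read per request (one per readline() call); does not limit line length or total size. */`. It is also worth checking whether 10000 entries is low enough for the insertion cost of `hashofheaders`, whose implementation is not visible here. The body of `get_all_headers` continues outside this hunk.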
@@ -611,7 +619,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
assert (fd >= 0);
assert (hashofheaders != NULL);
- for (;;) {
+ for (count = 0; count < MAX_HEADERS; count++) {
if ((linelen = readline (fd, &line)) <= 0) {
safefree (header);
safefree (line);
@@ -677,6 +685,14 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
safefree (line);
}
+
+ /*
+ * If we get here, this means we reached MAX_HEADERS count.
+ * Bail out with error.
+ */
+ safefree (header);
+ safefree (line);
+ return -1;
}
/*
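Review bot: The new limit path returns -1 without logging anything, so reaching `MAX_HEADERS` looks the same to the caller and to the operator as the read-failure branch at the top of the loop, which appears to do the same cleanup. A log line before the return would make header-flood attempts visible, e.g. `log_message (LOG_WARNING, "Too many headers (limit %d) on fd %d", MAX_HEADERS, fd);`, assuming the project's logging helper is usable in this file. It is also worth confirming that `safefree` resets its argument to NULL: `line` was already released at the end of the last iteration, so the second `safefree (line)` is only safe if it does. The start of the function is outside this hunk.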