Source-Changes-HG archive
[src/trunk]: src/libexec/httpd Check against BOZO_HEADERS_MAX_SIZE in a way t...
details: https://anonhg.NetBSD.org/src/rev/996e1d55ac69
branches: trunk
changeset: 446701:996e1d55ac69
user: maya <maya%NetBSD.org@localhost>
date: Sat Dec 15 01:02:34 2018 +0000
description:
Check against BOZO_HEADERS_MAX_SIZE in a way that isn't prone to overflow.
Note that this isn't reachable in practice as big requests time out.
diffstat:
libexec/httpd/bozohttpd.c | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diffs (28 lines):
diff -r d6ced674f873 -r 996e1d55ac69 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Fri Dec 14 23:57:22 2018 +0000
+++ b/libexec/httpd/bozohttpd.c Sat Dec 15 01:02:34 2018 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -585,12 +585,14 @@
static int
bozo_got_header_length(bozo_httpreq_t *request, size_t len)
{
+
+ if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)
+ return bozo_http_error(request->hr_httpd, 413, request,
+ "too many headers");
+
request->hr_header_bytes += len;
- if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE)
- return 0;
- return bozo_http_error(request->hr_httpd, 413, request,
- "too many headers");
+ return 0;
}
/*
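Review bot: In bozo_got_header_length() the new test `len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes` moves the limit by one: the removed code returned 0 only while the running total stayed strictly below BOZO_HEADERS_MAX_SIZE, whereas this version accepts a total exactly equal to it. If the limit is meant to stay exclusive, use `>=` here; if the inclusive bound is intended, say so in the commit message. Separately, the subtraction is only wrap-free while hr_header_bytes never exceeds BOZO_HEADERS_MAX_SIZE, which this function preserves only if it is the sole place that increments the field and the field starts at zero; a one-line comment stating that invariant would make the check easier to trust. Also note that on rejection the counter is no longer advanced, unlike before, so any caller that reads hr_header_bytes after a 413 now sees the pre-rejection total.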