File: CVE-2012-3505-tinyproxy-limit-headers.patch

tinyproxy 1.8.2-1squeeze3
--- a/src/reqs.c	
+++ a/src/reqs.c	
@@ -641,6 +641,11 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
         return hashmap_insert (hashofheaders, header, sep, len);
 }
 
+/* define max number of headers. big enough to handle legitimate cases,
+ * but limited to avoid DoS 
+ */
+#define MAX_HEADERS 10000
+
 /*
  * Read all the headers from the stream
  */
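Review bot: The comment above `MAX_HEADERS` does not say what is counted or what happens when the limit is reached. Going by the loop change further down, the counter advances once per line returned by `readline`, so the bound is on header lines per request rather than on distinct header names, and reaching it fails the request. I would state that directly, for example `/* Upper bound on header lines read per request; get_all_headers() returns -1 once it is reached. */`, and drop the trailing space after "DoS".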
@@ -648,6 +653,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
 {
         char *line = NULL;
         char *header = NULL;
+	int count;
         char *tmp;
         ssize_t linelen;
         ssize_t len = 0;
@@ -656,7 +662,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
         assert (fd >= 0);
         assert (hashofheaders != NULL);
 
-        for (;;) {
+        for (count = 0; count < MAX_HEADERS; count++) {
                 if ((linelen = readline (fd, &line)) <= 0) {
                         safefree (header);
                         safefree (line);
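Review bot: The new loop condition bounds the number of `readline` calls, not the amount of data held per request, so up to 10000 lines of whatever length `readline` permits are still accepted and inserted. Whether that ceiling is low enough depends on the line-length limit inside `readline` and on how `hashmap_insert` performs with many colliding keys, neither of which is visible in this patch. If either turns out to be unbounded or linear per bucket, a lower default or a running byte total checked alongside `count` would be the safer choice. The body of `get_all_headers` continues outside this hunk.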
@@ -722,6 +728,12 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
 
                 safefree (line);
         }
+
+	/* if we get there, this is we reached MAX_HEADERS count.
+	   bail out with error */
+	safefree (header);
+	safefree (line);
+	return -1;
 }
 
 /*
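Review bot: Reaching the limit returns -1 with no log entry, so an operator cannot tell a header flood from an ordinary read failure (assuming the other error paths also return -1, which these hunks do not show). A warning before the cleanup, such as `log_message (LOG_WARNING, "Too many header lines from client (limit %d)", MAX_HEADERS);`, would make the event detectable. Separately, `line` has already been released by the `safefree (line);` that closes the last iteration, so the second call here is harmless only if `safefree` resets the pointer to NULL, which is not shown. The added lines are tab-indented while the surrounding code uses spaces; the same applies to `int count;` in the second hunk.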