author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2006-02-08 16:15:09 +0000 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2006-02-08 16:15:09 +0000 |
commit | 45a71c9d90effe4a91d6b4dbef8ae14651b39d6b (patch) | |
tree | b3c34f9bc9c9e386d86c1ac0f08a375b99e19f75 | |
parent | 2006-02-01 Joel Sherrill <joel@OARcorp.com> (diff) | |
download | rtems-45a71c9d90effe4a91d6b4dbef8ae14651b39d6b.tar.bz2 |
2006-02-08 Thomas Rauscher <trauscher@loytec.com>
PR 890/networking
* rtems_webserver/webs.c: The webserver enters an infinite loop when a
POST request with less data than indicated in the Content-Length
header is received. It also consumes additional heap memory and a
file descriptor for each invalid POST.
-rw-r--r-- | c/src/libnetworking/ChangeLog | 8 | ||||
-rw-r--r-- | c/src/libnetworking/rtems_webserver/webs.c | 5 |
2 files changed, 13 insertions, 0 deletions
diff --git a/c/src/libnetworking/ChangeLog b/c/src/libnetworking/ChangeLog
index d472e4ceaf..4478ef2d1e 100644
--- a/c/src/libnetworking/ChangeLog
+++ b/c/src/libnetworking/ChangeLog
@@ -1,3 +1,11 @@
+2006-02-08 Thomas Rauscher <trauscher@loytec.com>
+
+ PR 890/networking
+ * rtems_webserver/webs.c: The webservers enters an infinite loop when a
+ POST request with less data than indicated in the Content-Length
+ header is received. It also consumes additional heap memory and a
+ file descriptor for each invalid POST.
+
 2005-05-20 Sergei Organov <osv@topconrd.ru> PR 750/networking
diff --git a/c/src/libnetworking/rtems_webserver/webs.c b/c/src/libnetworking/rtems_webserver/webs.c
index 3181c602ec..e61c80f3ca 100644
--- a/c/src/libnetworking/rtems_webserver/webs.c
+++ b/c/src/libnetworking/rtems_webserver/webs.c
@@ -565,6 +565,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes)
 return -1; } else if (nbytes == 0) { /* EOF or No data available */
+ /* Bugfix for POST DoS attack with invalid content length */
+ if (socketEof(wp->sid)) {
+ websDone(wp, 0);
+ }
+ /* End of bugfix */
 return -1; } else { /* Valid data */ |
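Review bot: The added `socketEof(wp->sid)` check in the `nbytes == 0` branch releases the request only when the peer has closed the socket; a client that sends fewer bytes than its Content-Length and then keeps the connection open still takes the plain `return -1` path, so the heap memory and file descriptor stay held until something else reaps the connection. Whether an inactivity timeout covers that case is not visible in this hunk, so it is worth confirming that one is armed while a POST body is still pending. The marker comments `/* Bugfix ... */` and `/* End of bugfix */` would read better as one why-comment, e.g. `/* Peer closed before Content-Length bytes arrived (PR 890): finish the request so its socket and memory are released. */`. websGetInput's body starts and ends outside the hunk, so it is assumed rather than shown that the caller does not touch `wp` again once `websDone()` has run and -1 is returned.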