authorJoel Sherrill <joel.sherrill@OARcorp.com>2006-02-08 16:15:09 +0000
committerJoel Sherrill <joel.sherrill@OARcorp.com>2006-02-08 16:15:09 +0000
commit45a71c9d90effe4a91d6b4dbef8ae14651b39d6b (patch)
treeb3c34f9bc9c9e386d86c1ac0f08a375b99e19f75
parent2006-02-01 Joel Sherrill <joel@OARcorp.com> (diff)
downloadrtems-45a71c9d90effe4a91d6b4dbef8ae14651b39d6b.tar.bz2
2006-02-08 Thomas Rauscher <trauscher@loytec.com>
PR 890/networking * rtems_webserver/webs.c: The webserver enters an infinite loop when a POST request with less data than indicated in the Content-Length header is received. It also consumes additional heap memory and a file descriptor for each invalid POST.
-rw-r--r--c/src/libnetworking/ChangeLog8
-rw-r--r--c/src/libnetworking/rtems_webserver/webs.c5
2 files changed, 13 insertions, 0 deletions
diff --git a/c/src/libnetworking/ChangeLog b/c/src/libnetworking/ChangeLog
index d472e4ceaf..4478ef2d1e 100644
--- a/c/src/libnetworking/ChangeLog
+++ b/c/src/libnetworking/ChangeLog
@@ -1,3 +1,11 @@
+2006-02-08 Thomas Rauscher <trauscher@loytec.com>
+
+ PR 890/networking
+ * rtems_webserver/webs.c: The webservers enters an infinite loop when a
+ POST request with less data than indicated in the Content-Length
+ header is received. It also consumes additional heap memory and a
+ file descriptor for each invalid POST.
+
2005-05-20 Sergei Organov <osv@topconrd.ru>
PR 750/networking
diff --git a/c/src/libnetworking/rtems_webserver/webs.c b/c/src/libnetworking/rtems_webserver/webs.c
index 3181c602ec..e61c80f3ca 100644
--- a/c/src/libnetworking/rtems_webserver/webs.c
+++ b/c/src/libnetworking/rtems_webserver/webs.c
@@ -565,6 +565,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes)
return -1;
} else if (nbytes == 0) { /* EOF or No data available */
+ /* Bugfix for POST DoS attack with invalid content length */
+ if (socketEof(wp->sid)) {
+ websDone(wp, 0);
+ }
+ /* End of bugfix */
return -1;
} else { /* Valid data */
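Review bot: The added check in the `nbytes == 0` branch releases the request only when `socketEof(wp->sid)` is true, so a peer that keeps the connection open without sending the remaining Content-Length bytes still reaches the plain `return -1` and keeps its heap memory and descriptor. Whether an idle timeout elsewhere reclaims such a request is not visible in this hunk and is worth confirming. The marker comments `/* Bugfix for POST DoS attack ... */` and `/* End of bugfix */` record that something was fixed rather than why; I would replace them with a single `/* Peer closed before sending Content-Length bytes: finish the request so its memory and socket are released */`. websGetInput starts and ends outside the hunk, so how callers treat the -1 returned after `websDone(wp, 0)` cannot be checked from here.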