diff options
author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2006-02-08 16:16:42 +0000 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2006-02-08 16:16:42 +0000 |
commit | 2eaf499375918fca4055c9463263ea48078370b0 (patch) | |
tree | 26f0c476e710f8f340f07fb9138bc58f559e8205 /cpukit/httpd | |
parent | 2006-02-08 Joel Sherrill <joel@OARcorp.com> (diff) | |
download | rtems-2eaf499375918fca4055c9463263ea48078370b0.tar.bz2 |
2006-02-08 Thomas Rauscher <trauscher@loytec.com>
PR 890/networking
* httpd/webs.c: The webservers enters an infinite loop when a POST
request with less data than indicated in the Content-Length header is
received. It also consumes additional heap memory and a file
descriptor for each invalid POST.
Diffstat (limited to 'cpukit/httpd')
-rw-r--r-- | cpukit/httpd/webs.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/cpukit/httpd/webs.c b/cpukit/httpd/webs.c index 9073fe8b7c..4465a72afe 100644 --- a/cpukit/httpd/webs.c +++ b/cpukit/httpd/webs.c @@ -583,6 +583,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes) return -1; } else if (nbytes == 0) { /* EOF or No data available */ + /* Bugfix for POST DoS attack with invalid content length */ + if (socketEof(wp->sid)) { + websDone(wp, 0); + } + /* End of bugfix */ return -1; } else { /* Valid data */ |