author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2006-02-08 16:16:42 +0000 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2006-02-08 16:16:42 +0000 |
commit | 2eaf499375918fca4055c9463263ea48078370b0 (patch) | |
tree | 26f0c476e710f8f340f07fb9138bc58f559e8205 /cpukit | |
parent | 2006-02-08 Joel Sherrill <joel@OARcorp.com> (diff) | |
2006-02-08 Thomas Rauscher <trauscher@loytec.com>
PR 890/networking
* httpd/webs.c: The webserver enters an infinite loop when a POST
request with less data than indicated in the Content-Length header is
received. It also consumes additional heap memory and a file
descriptor for each invalid POST.
Diffstat (limited to 'cpukit')
-rw-r--r-- | cpukit/ChangeLog | 8 | ||||
-rw-r--r-- | cpukit/httpd/webs.c | 5 |
2 files changed, 13 insertions, 0 deletions
diff --git a/cpukit/ChangeLog b/cpukit/ChangeLog index 4ceacdd4c3..6b871c3776 100644 --- a/cpukit/ChangeLog +++ b/cpukit/ChangeLog @@ -1,3 +1,11 @@ +2006-02-08 Thomas Rauscher <trauscher@loytec.com> + + PR 890/networking + * httpd/webs.c: The webservers enters an infinite loop when a POST + request with less data than indicated in the Content-Length header is + received. It also consumes additional heap memory and a file + descriptor for each invalid POST. + 2006-02-01 Joel Sherrill <joel@OARcorp.com> * posix/inline/rtems/posix/cond.inl, posix/macros/rtems/posix/cond.inl, diff --git a/cpukit/httpd/webs.c b/cpukit/httpd/webs.c index 9073fe8b7c..4465a72afe 100644 --- a/cpukit/httpd/webs.c +++ b/cpukit/httpd/webs.c @@ -583,6 +583,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes) return -1; } else if (nbytes == 0) { /* EOF or No data available */ + /* Bugfix for POST DoS attack with invalid content length */ + if (socketEof(wp->sid)) { + websDone(wp, 0); + } + /* End of bugfix */ return -1; } else { /* Valid data */ |
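Review bot: The new cpukit/ChangeLog entry records only the symptom (infinite loop, leaked heap memory and a file descriptor per invalid POST) and not what was changed, and "The webservers enters" should read "The webserver enters". Suggest adding one clause naming the fix, for example that websGetInput now calls websDone when socketEof reports end of file on a zero-byte read, so the entry is useful without opening the diff.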
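Review bot: In the "nbytes == 0" branch of websGetInput in cpukit/httpd/webs.c, the new "websDone(wp, 0);" is followed by the same "return -1;" that the no-data-available case uses, so the caller cannot tell from the return value that wp has already been finished. Please confirm that no caller touches wp after a -1 return on this path, or return a distinct value for the EOF case. Two smaller points: the literal 0 passed to websDone deserves a short comment saying why that value is right for a request whose body was cut short, and the "Bugfix for ..." / "End of bugfix" markers are change history that belongs in the ChangeLog; a comment stating the condition (the peer closed the socket before the number of bytes given in Content-Length arrived) would age better.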