diff options
-rw-r--r-- | cpukit/ChangeLog | 8 | ||||
-rw-r--r-- | cpukit/httpd/webs.c | 5 |
2 files changed, 13 insertions, 0 deletions
diff --git a/cpukit/ChangeLog b/cpukit/ChangeLog index 4ceacdd4c3..6b871c3776 100644 --- a/cpukit/ChangeLog +++ b/cpukit/ChangeLog @@ -1,3 +1,11 @@ +2006-02-08 Thomas Rauscher <trauscher@loytec.com> + + PR 890/networking + * httpd/webs.c: The webservers enters an infinite loop when a POST + request with less data than indicated in the Content-Length header is + received. It also consumes additional heap memory and a file + descriptor for each invalid POST. + 2006-02-01 Joel Sherrill <joel@OARcorp.com> * posix/inline/rtems/posix/cond.inl, posix/macros/rtems/posix/cond.inl, diff --git a/cpukit/httpd/webs.c b/cpukit/httpd/webs.c index 9073fe8b7c..4465a72afe 100644 --- a/cpukit/httpd/webs.c +++ b/cpukit/httpd/webs.c @@ -583,6 +583,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes) return -1; } else if (nbytes == 0) { /* EOF or No data available */ + /* Bugfix for POST DoS attack with invalid content length */ + if (socketEof(wp->sid)) { + websDone(wp, 0); + } + /* End of bugfix */ return -1; } else { /* Valid data */ |