From 45a71c9d90effe4a91d6b4dbef8ae14651b39d6b Mon Sep 17 00:00:00 2001 From: Joel Sherrill Date: Wed, 8 Feb 2006 16:15:09 +0000 Subject: 2006-02-08 Thomas Rauscher PR 890/networking * rtems_webserver/webs.c: The webservers enters an infinite loop when a POST request with less data than indicated in the Content-Length header is received. It also consumes additional heap memory and a file descriptor for each invalid POST. --- c/src/libnetworking/ChangeLog | 8 ++++++++ c/src/libnetworking/rtems_webserver/webs.c | 5 +++++ 2 files changed, 13 insertions(+) diff --git a/c/src/libnetworking/ChangeLog b/c/src/libnetworking/ChangeLog index d472e4ceaf..4478ef2d1e 100644 --- a/c/src/libnetworking/ChangeLog +++ b/c/src/libnetworking/ChangeLog @@ -1,3 +1,11 @@ +2006-02-08 Thomas Rauscher + + PR 890/networking + * rtems_webserver/webs.c: The webservers enters an infinite loop when a + POST request with less data than indicated in the Content-Length + header is received. It also consumes additional heap memory and a + file descriptor for each invalid POST. + 2005-05-20 Sergei Organov PR 750/networking diff --git a/c/src/libnetworking/rtems_webserver/webs.c b/c/src/libnetworking/rtems_webserver/webs.c index 3181c602ec..e61c80f3ca 100644 --- a/c/src/libnetworking/rtems_webserver/webs.c +++ b/c/src/libnetworking/rtems_webserver/webs.c @@ -565,6 +565,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes) return -1; } else if (nbytes == 0) { /* EOF or No data available */ + /* Bugfix for POST DoS attack with invalid content length */ + if (socketEof(wp->sid)) { + websDone(wp, 0); + } + /* End of bugfix */ return -1; } else { /* Valid data */ -- cgit v1.2.3