From 2eaf499375918fca4055c9463263ea48078370b0 Mon Sep 17 00:00:00 2001
From: Joel Sherrill
Date: Wed, 8 Feb 2006 16:16:42 +0000
Subject: 2006-02-08 Thomas Rauscher PR 890/networking * httpd/webs.c: The webservers enters an infinite loop when a POST request with less data than indicated in the Content-Length header is received. It also consumes additional heap memory and a file descriptor for each invalid POST.
---
 cpukit/httpd/webs.c | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'cpukit/httpd')
diff --git a/cpukit/httpd/webs.c b/cpukit/httpd/webs.c
index 9073fe8b7c..4465a72afe 100644
--- a/cpukit/httpd/webs.c
+++ b/cpukit/httpd/webs.c
@@ -583,6 +583,11 @@ static int websGetInput(webs_t wp, char_t **ptext, int *pnbytes)
 return -1;
 } else if (nbytes == 0) { /* EOF or No data available */
+ /* Bugfix for POST DoS attack with invalid content length */
+ if (socketEof(wp->sid)) {
+ websDone(wp, 0);
+ }
+ /* End of bugfix */
 return -1;
 } else { /* Valid data */
--
cgit v1.2.3
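Review bot: The new `socketEof(wp->sid)` check in the `nbytes == 0` branch ends the request only when the peer has closed the socket; a client that sends fewer bytes than its Content-Length and then keeps the connection open still holds the request's heap memory and descriptor, unless an inactivity timeout elsewhere in webs.c covers that case, which this hunk does not show. After `websDone(wp, 0)` the function still returns -1, the same value as the plain "no data available" case, so it is worth confirming that callers never touch `wp` again after a -1 return; the rest of websGetInput and its callers lie outside the hunk. The marker comments would age better as a reason, for example `/* Peer closed before Content-Length bytes arrived: finish the request instead of polling it forever */`, in place of `/* Bugfix ... */` and `/* End of bugfix */`.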