|
|
- --- a/src/reqs.c
- +++ b/src/reqs.c
- @@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
- return hashmap_insert (hashofheaders, header, sep, len);
- }
-
- +/* define max number of headers. big enough to handle legitimate cases,
- + * but limited to avoid DoS
- + */
- +#define MAX_HEADERS 10000
- +
- /*
- * Read all the headers from the stream
- */
- @@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
- {
- char *line = NULL;
- char *header = NULL;
- + int count;
- char *tmp;
- ssize_t linelen;
- ssize_t len = 0;
- @@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
- assert (fd >= 0);
- assert (hashofheaders != NULL);
-
- - for (;;) {
- + for (count = 0; count < MAX_HEADERS; count++) {
- if ((linelen = readline (fd, &line)) <= 0) {
- safefree (header);
- safefree (line);
- @@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
-
- safefree (line);
- }
- +
- + /* if we get there, this is we reached MAX_HEADERS count.
- + bail out with error */
- + safefree (header);
- + safefree (line);
- + return -1;
- }
-
- /*
|
