CVE-2012-3505-tinyproxy-limit-headers.patch 1.2 KB

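--- a/src/reqs.c
+++ b/src/reqs.c
@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
 return hashmap_insert (hashofheaders, header, sep, len);
 }
+/* define max number of headers. big enough to handle legitimate cases,
+ * but limited to avoid DoS
+ */
+#define MAX_HEADERS 10000
+
 /*
 * Read all the headers from the stream
 */
@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
 {
 char *line = NULL;
 char *header = NULL;
+ int count;
 char *tmp;
 ssize_t linelen;
 ssize_t len = 0;
@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
 assert (fd >= 0);
 assert (hashofheaders != NULL);
- for (;;) {
+ for (count = 0; count < MAX_HEADERS; count++) {
 if ((linelen = readline (fd, &line)) <= 0) {
 safefree (header);
 safefree (line);
@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
 safefree (line);
 }
+
+ /* if we get there, this is we reached MAX_HEADERS count.
+ bail out with error */
+ safefree (header);
+ safefree (line);
+ return -1;
 }
 /*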
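Review bot: The over-limit exit added at the end of get_all_headers (hunk `@@ -691`) returns -1 with no record of why, so an operator cannot tell a request that hit MAX_HEADERS apart from the ordinary read failure in the `linelen <= 0` branch, which returns the same way; a log line at the file's usual error level before `return -1;` (reqs.c appears to use a log_message facility for this — confirm the name against the rest of the file) would make the rejection visible for monitoring. The comment on that path is also garbled; I would replace it with `/* Falling out of the loop means MAX_HEADERS lines were read without reaching the end of the header block: reject the request. */`. The new cleanup mirrors the existing `linelen <= 0` branch, which is consistent, but the body of get_all_headers between the hunks is outside the patch, so whether the caller discards the partially populated hashofheaders on -1 cannot be confirmed from here. MAX_HEADERS counts header lines only; the comment on its definition could state that explicitly, e.g. `/* upper bound on header lines accepted per request */`, so the limit is not mistaken for a byte budget.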