Source-Changes-HG archive


[src/trunk]: src/libexec/httpd Check against BOZO_HEADERS_MAX_SIZE in a way t...



details:   https://anonhg.NetBSD.org/src/rev/996e1d55ac69
branches:  trunk
changeset: 446701:996e1d55ac69
user:      maya <maya%NetBSD.org@localhost>
date:      Sat Dec 15 01:02:34 2018 +0000

description:
Check against BOZO_HEADERS_MAX_SIZE in a way that isn't prone to overflow.
Note that this isn't reachable in practice as big requests time out.

diffstat:

 libexec/httpd/bozohttpd.c |  12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diffs (28 lines):

diff -r d6ced674f873 -r 996e1d55ac69 libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Fri Dec 14 23:57:22 2018 +0000
+++ b/libexec/httpd/bozohttpd.c Sat Dec 15 01:02:34 2018 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.101 2018/12/04 02:52:42 mrg Exp $      */
+/*     $NetBSD: bozohttpd.c,v 1.102 2018/12/15 01:02:34 maya Exp $     */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -585,12 +585,14 @@
 static int
 bozo_got_header_length(bozo_httpreq_t *request, size_t len)
 {
+
+       if (len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes)
+               return bozo_http_error(request->hr_httpd, 413, request,
+                       "too many headers");
+
        request->hr_header_bytes += len;
-       if (request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE)
-               return 0;
 
-       return bozo_http_error(request->hr_httpd, 413, request,
-               "too many headers");
+       return 0;
 }
 
 /*
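Review bot: the new test at the top of bozo_got_header_length() moves the boundary by one. The removed code returned 0 only while `request->hr_header_bytes < BOZO_HEADERS_MAX_SIZE` after the addition, so a running total exactly equal to the limit was answered with 413. The new `len > BOZO_HEADERS_MAX_SIZE - request->hr_header_bytes` accepts that case. If the old limit is the intended one, use `>=` here; if the new one is, say so in the commit message. The subtraction is also only safe while hr_header_bytes never exceeds BOZO_HEADERS_MAX_SIZE. This function preserves that by adding only after the check, but a one-line comment stating the invariant would keep a later writer of hr_header_bytes from reintroducing wraparound on the right-hand side.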


