aboutsummaryrefslogtreecommitdiffstats
path: root/main/tinyproxy/limit_headers.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/tinyproxy/limit_headers.patch')
-rw-r--r--main/tinyproxy/limit_headers.patch46
1 files changed, 46 insertions, 0 deletions
diff --git a/main/tinyproxy/limit_headers.patch b/main/tinyproxy/limit_headers.patch
new file mode 100644
index 0000000000..1e3e7fb32b
--- /dev/null
+++ b/main/tinyproxy/limit_headers.patch
@@ -0,0 +1,46 @@
+diff --git a/src/reqs.c b/src/reqs.c
+index 2e13f48..ce46bf3 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -641,6 +641,11 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
+ return hashmap_insert (hashofheaders, header, sep, len);
+ }
+
++/* define max number of headers. big enough to handle legitimate cases,
++ * but limited to avoid DoS
++ */
++#define MAX_HEADERS 10000
++
+ /*
+ * Read all the headers from the stream
+ */
+@@ -648,6 +653,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ {
+ char *line = NULL;
+ char *header = NULL;
++ int count;
+ char *tmp;
+ ssize_t linelen;
+ ssize_t len = 0;
+@@ -656,7 +662,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ assert (fd >= 0);
+ assert (hashofheaders != NULL);
+
+- for (;;) {
++ for (count = 0; count < MAX_HEADERS; count++) {
+ if ((linelen = readline (fd, &line)) <= 0) {
+ safefree (header);
+ safefree (line);
+@@ -722,6 +728,12 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+
+ safefree (line);
+ }
++
++ /* if we get there, this is we reached MAX_HEADERS count.
++ bail out with error */
++ safefree (header);
++ safefree (line);
++ return -1;
+ }
+
+ /*