path: root/main/tinyproxy/tinyproxy-1.6.5-limit_headers.patch
blob: e1ca9a901ac1e6791a173528d0d53e1f37c3ea72 (plain)
diff --git a/src/reqs.c b/src/reqs.c
index bc77f8c..f33c450 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -864,6 +864,11 @@ add_header_to_connection(hashmap_t hashofheaders, char *header, size_t len)
 	return hashmap_insert(hashofheaders, header, sep, len);
 }
 
+/* define max number of headers. big enough to handle legitimate cases,
+ * but limited to avoid DoS 
+ */
+#define MAX_HEADERS 10000
+
 /*
  * Read all the headers from the stream
  */
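Review bot: `MAX_HEADERS` caps the number of header lines but not the memory they occupy, so the DoS bound is only as tight as whatever per-line limit `readline()` enforces, which is not visible in this patch; 10000 lines of maximum length may still be a large allocation per connection. The comment above the define should also say what happens at the limit, for example `/* Upper bound on header lines read per message; get_all_headers() returns -1 once it is reached so a peer cannot grow the header hashmap without limit. */`. The added comment line ending in `DoS ` carries trailing whitespace.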
@@ -873,11 +878,12 @@ get_all_headers(int fd, hashmap_t hashofheaders)
 	char *header;
 	ssize_t len;
 	unsigned int double_cgi = FALSE; /* boolean */
+	int count;
 
 	assert(fd >= 0);
 	assert(hashofheaders != NULL);
 
-	for (;;) {
+	for (count = 0; count < MAX_HEADERS; count++) {
 		if ((len = readline(fd, &header)) <= 0) {
 			safefree(header);
 			return -1;
@@ -918,6 +924,11 @@ get_all_headers(int fd, hashmap_t hashofheaders)
 
 		safefree(header);
 	}
+
+	/* if we get there, this is we reached MAX_HEADERS count.
+	   bail out with error */
+	safefree (header);
+	return -1;
 }
 
 /*
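Review bot: The post-loop `safefree (header);` runs immediately after the loop body's own `safefree(header);` on the final iteration, so it is harmless only if `safefree` resets the pointer to NULL (its definition is not shown here); otherwise it frees the same buffer twice, and in either case it can be dropped. The limit path also returns the same -1 as a failed read, so an operator cannot tell a header flood from a broken connection; a log line before the return would make the condition detectable. Suggested replacement for the added lines: `/* MAX_HEADERS reached without seeing the end of the headers: reject the request. */`, `log_message(LOG_WARNING, "Too many headers (limit %d) on fd %d", MAX_HEADERS, fd);`, `return -1;`. The body of get_all_headers begins outside this hunk, so the state of `header` on other paths was not checked.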