main/tinyproxy: fix CVE-2012-3505

fixes #1515

1 files changed, 46 insertions, 0 deletions

diff --git a/main/tinyproxy/limit_headers.patch b/main/tinyproxy/limit_headers.patch
new file mode 100644
index 000000000..1e3e7fb32
--- /dev/null
+++ b/main/tinyproxy/limit_headers.patch
@@ -0,0 +1,46 @@
+diff --git a/src/reqs.c b/src/reqs.c
+index 2e13f48..ce46bf3 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -641,6 +641,11 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
+         return hashmap_insert (hashofheaders, header, sep, len);
+ }
+ 
++/* define max number of headers. big enough to handle legitimate cases,
++ * but limited to avoid DoS 
++ */
++#define MAX_HEADERS 10000
++
+ /*
+  * Read all the headers from the stream
+  */
+@@ -648,6 +653,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ {
+         char *line = NULL;
+         char *header = NULL;
++	int count;
+         char *tmp;
+         ssize_t linelen;
+         ssize_t len = 0;
+@@ -656,7 +662,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+         assert (fd >= 0);
+         assert (hashofheaders != NULL);
+ 
+-        for (;;) {
++        for (count = 0; count < MAX_HEADERS; count++) {
+                 if ((linelen = readline (fd, &line)) <= 0) {
+                         safefree (header);
+                         safefree (line);
+@@ -722,6 +728,12 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ 
+                 safefree (line);
+         }
++
++	/* if we get there, this is we reached MAX_HEADERS count.
++	   bail out with error */
++	safefree (header);
++	safefree (line);
++	return -1;
+ }
+ 
+ /*