From d7c55cd683734666163de29824806a7096e998b3 Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Thu, 6 Dec 2012 20:41:34 +0000
Subject: main/tinyproxy: fix CVE-2012-3505
fixes #1515
---
main/tinyproxy/limit_headers.patch | 46 ++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 main/tinyproxy/limit_headers.patch
(limited to 'main/tinyproxy/limit_headers.patch')
diff --git a/main/tinyproxy/limit_headers.patch b/main/tinyproxy/limit_headers.patch
new file mode 100644
index 000000000..1e3e7fb32
--- /dev/null
+++ b/main/tinyproxy/limit_headers.patch
@@ -0,0 +1,46 @@
+diff --git a/src/reqs.c b/src/reqs.c
+index 2e13f48..ce46bf3 100644
+--- a/src/reqs.c
++++ b/src/reqs.c
+@@ -641,6 +641,11 @@ add_header_to_connection (hashmap_t hashofheaders, char *header, size_t len)
+ return hashmap_insert (hashofheaders, header, sep, len);
+ }
++
++/* define max number of headers. big enough to handle legitimate cases,
++ * but limited to avoid DoS
++ */
++#define MAX_HEADERS 10000
++
+ /*
+ * Read all the headers from the stream
+ */
+@@ -648,6 +653,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ {
+ char *line = NULL;
+ char *header = NULL;
++ int count;
+ char *tmp;
+ ssize_t linelen;
+ ssize_t len = 0;
+@@ -656,7 +662,7 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+ assert (fd >= 0);
+ assert (hashofheaders != NULL);
+
+- for (;;) {
++ for (count = 0; count < MAX_HEADERS; count++) {
+ if ((linelen = readline (fd, &line)) <= 0) {
+ safefree (header);
+ safefree (line);
+@@ -722,6 +728,12 @@ static int get_all_headers (int fd, hashmap_t hashofheaders)
+
+ safefree (line);
+ }
++
++ /* if we get there, this is we reached MAX_HEADERS count.
++ bail out with error */
++ safefree (header);
++ safefree (line);
++ return -1;
+ }
+
+ /*
--
cgit v1.2.3
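Review bot: The new bail-out appended after the loop in get_all_headers returns -1 silently, so a client that sends more than MAX_HEADERS header lines looks to the caller exactly like a socket read error; if the logging helper reqs.c uses elsewhere is available here, a warning naming the limit before `return -1;` would let operators recognise the abuse this CVE fix is meant to stop. Note that `count` is incremented once per readline() result, folded continuation lines included, so the cap bounds the number of lines but not the bytes per line or the total header bytes — that still depends on whatever bound readline() imposes, which is not visible in this hunk. The trailing comment is hard to read; suggest `/* Hit MAX_HEADERS without reaching the end of the header block: free any partially built header and fail the request. */`. The second `safefree (line);` on the bail-out path repeats the free done at the bottom of the last iteration and is only safe if safefree() resets the pointer to NULL, as tinyproxy's safefree is usually defined to do — worth confirming. The loop body between the for-header and its closing brace lies outside the hunks shown.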