simono41/shellinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fixed handling of large HTTP requests

Browse source 
* Protection against large HTTP requests was fixed by adding some null
  pointer checks. Too large HTTP requests are now correctly handled by
  returning error code and closing connection.
This commit is contained in:
KLuka 2015-08-26 23:20:28 +02:00
parent 6c9f98bf34
commit 48a65d6bcb
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
libhttp/httpconnection.c
View file

@ -609,7 +609,7 @@ void httpTransfer(struct HttpConnection *http, char *msg, int len) {
// Found the end of the headers. // Found the end of the headers.
// Check that we don't send any data with HEAD requests // Check that we don't send any data with HEAD requests
int isHead = !strcmp(http->method, "HEAD"); int isHead = http->method && !strcmp(http->method, "HEAD");
check(l == 2 || !isHead); check(l == 2 || !isHead);
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
@ -1421,6 +1421,7 @@ int httpHandleConnection(struct ServerConnection *connection, void *http_,
if (bytes > 0) { if (bytes > 0) {
http->headerLength += bytes; http->headerLength += bytes;
if (http->headerLength > MAX_HEADER_LENGTH) { if (http->headerLength > MAX_HEADER_LENGTH) {
debug("[http] Connection closed due to exceeded header size!");
httpSendReply(http, 413, "Header too big", NO_MSG); httpSendReply(http, 413, "Header too big", NO_MSG);
bytes = 0; bytes = 0;
eof = 1; eof = 1;
@ -1782,7 +1783,7 @@ void httpSendReply(struct HttpConnection *http, int code,
code != 200 ? "Connection: close\r\n" : "", code != 200 ? "Connection: close\r\n" : "",
(long)strlen(body)); (long)strlen(body));
} }
int isHead = !strcmp(http->method, "HEAD"); int isHead = http->method && !strcmp(http->method, "HEAD");
if (!isHead) { if (!isHead) {
response = stringPrintf(response, "%s", body); response = stringPrintf(response, "%s", body);
} }