51 lines
1.5 KiB
Plaintext
51 lines
1.5 KiB
Plaintext
$OpenBSD: patch-src_reqs_c,v 1.1 2012/08/20 09:51:20 jasper Exp $
|
|
|
|
Security fix for CVE-2012-3505, tinyproxy: multiple headers hashmap DoS
|
|
Patch from https://bugzilla.redhat.com/show_bug.cgi?id=849368
|
|
CVE-2012-3505-tinyproxy-limit-headers.patch
|
|
|
|
--- src/reqs.c.orig Mon Feb 7 13:31:03 2011
|
|
+++ src/reqs.c Mon Aug 20 11:46:43 2012
|
|
@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hashofheaders, cha
|
|
return hashmap_insert (hashofheaders, header, sep, len);
|
|
}
|
|
|
|
+/* define max number of headers. big enough to handle legitimate cases,
|
|
+ * but limited to avoid DoS
|
|
+ */
|
|
+#define MAX_HEADERS 10000
|
|
+
|
|
/*
|
|
* Read all the headers from the stream
|
|
*/
|
|
@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hashmap_t hashofhe
|
|
{
|
|
char *line = NULL;
|
|
char *header = NULL;
|
|
+ int count;
|
|
char *tmp;
|
|
ssize_t linelen;
|
|
ssize_t len = 0;
|
|
@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hashmap_t hashofhe
|
|
assert (fd >= 0);
|
|
assert (hashofheaders != NULL);
|
|
|
|
- for (;;) {
|
|
+ for (count = 0; count < MAX_HEADERS; count++) {
|
|
if ((linelen = readline (fd, &line)) <= 0) {
|
|
safefree (header);
|
|
safefree (line);
|
|
@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hashmap_t hashofhe
|
|
|
|
safefree (line);
|
|
}
|
|
+
|
|
+ /* if we get there, this is we reached MAX_HEADERS count.
|
|
+ bail out with error */
|
|
+ safefree (header);
|
|
+ safefree (line);
|
|
+ return -1;
|
|
}
|
|
|
|
/*
|