openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-24 10:38:21 +04:00
Code Issues Packages Projects Releases Wiki Activity

tinyproxy: fix CVE-2012-3505

Browse Source 
Signed-off-by: Steven Barth <steven@midlink.org>
This commit is contained in:
Steven Barth
2014-08-11 12:37:29 +02:00
parent dfe5588e79
commit 3ed912434f
3 changed files with 146 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
net/tinyproxy/patches/CVE-2012-3505-tinyproxy-limit-headers.patch Normal file
View File

@@ -0,0 +1,44 @@
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
return hashmap_insert (hashofheaders, header, sep, len);
}
+/* define max number of headers. big enough to handle legitimate cases,
+ * but limited to avoid DoS
+ */
+#define MAX_HEADERS 10000
+
/*
* Read all the headers from the stream
*/
@@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
{
char *line = NULL;
char *header = NULL;
+ int count;
char *tmp;
ssize_t linelen;
ssize_t len = 0;
@@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
assert (fd >= 0);
assert (hashofheaders != NULL);
- for (;;) {
+ for (count = 0; count < MAX_HEADERS; count++) {
if ((linelen = readline (fd, &line)) <= 0) {
safefree (header);
safefree (line);
@@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
safefree (line);
}
+
+ /* if we get there, this is we reached MAX_HEADERS count.
+ bail out with error */
+ safefree (header);
+ safefree (line);
+ return -1;
}
/*