httpd: reject incoming requests bodies over 64k

(cherry picked from commit 44b7c126c6d2a2002758c12db2f0bb89dc328a3c)

httpd: reject incoming requests bodies over 64k
(cherry picked from commit 44b7c126c6d2a2002758c12db2f0bb89dc328a3c)
1952b89f · Rémi Denis-Courmont · 7153f2b3 · 1952b89f
Commit 1952b89f authored Aug 25, 2014 by Rémi Denis-Courmont
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

src/network/httpd.c src/network/httpd.c +5 -1

No files found.
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -1373,6 +1373,7 @@ static void httpd_ClientRecv(httpd_client_t *cl)
        }
    } else if (cl->query.i_body > 0) {
        /* we are reading the body of a request or a channel */
+        assert (cl->query.p_body != NULL);
        i_len = httpd_NetRecv(cl, &cl->query.p_body[cl->i_buffer],
                               cl->query.i_body - cl->i_buffer);
        if (i_len > 0)
@@ -1565,7 +1566,10 @@ static void httpd_ClientRecv(httpd_client_t *cl)
                /* TODO Mhh, handle the case where the client only
                 * sends a request and closes the connection to
                 * mark the end of the body (probably only RTSP) */
-                cl->query.p_body = malloc(cl->query.i_body);
+                if (cl->query.i_body >= 65536)
+                    cl->query.p_body = malloc(cl->query.i_body);
+                else
+                    cl->query.p_body = NULL;
                cl->i_buffer = 0;
                if (!cl->query.p_body) {
                    switch (cl->query.i_proto) {