httpd: reject incoming requests bodies over 64k

44b7c126 · Rémi Denis-Courmont · 5fae41f3 · 44b7c126
Commit 44b7c126 authored Aug 25, 2014 by Rémi Denis-Courmont
Show whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

src/network/httpd.c src/network/httpd.c +5 -1

No files found.
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -1349,6 +1349,7 @@ static void httpd_ClientRecv(httpd_client_t *cl)
        }
    } else if (cl->query.i_body > 0) {
        /* we are reading the body of a request or a channel */
+        assert (cl->query.p_body != NULL);
        i_len = httpd_NetRecv(cl, &cl->query.p_body[cl->i_buffer],
                               cl->query.i_body - cl->i_buffer);
        if (i_len > 0)
@@ -1541,7 +1542,10 @@ static void httpd_ClientRecv(httpd_client_t *cl)
                /* TODO Mhh, handle the case where the client only
                 * sends a request and closes the connection to
                 * mark the end of the body (probably only RTSP) */
+                if (cl->query.i_body >= 65536)
                    cl->query.p_body = malloc(cl->query.i_body);
+                else
+                    cl->query.p_body = NULL;
                cl->i_buffer = 0;
                if (!cl->query.p_body) {
                    switch (cl->query.i_proto) {