]> git.ipfire.org Git - thirdparty/asterisk.git/commitdiff
projects / thirdparty / asterisk.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b844477)
http.c: Give HTTP error response when received lines are too long.
authorRichard Mudgett <rmudgett@digium.com>
Thu, 30 Aug 2018 19:42:06 +0000 (14:42 -0500)
committerRichard Mudgett <rmudgett@digium.com>
Thu, 30 Aug 2018 22:20:57 +0000 (17:20 -0500)
Added a check when we receive a HTTP request line or header line that is
too long.  We now return an error response to the sender because we are
not able to process the request.

Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d

main/http.c patch | blob | blame | history

diff --git a/main/http.c b/main/http.c
index 30b2fe2c46937220b07a12344269a30839c92a5f..77b90574530d9713990508919202c1d5f8fe3632 100644 (file)
--- a/main/http.c
+++ b/main/http.c
@@ -1740,13 +1740,21 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
 
        remaining_headers = MAX_HTTP_REQUEST_HEADERS;
        for (;;) {
+               ssize_t len;
                char *name;
                char *value;
 
-               if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+               len = ast_iostream_gets(ser->stream, header_line, sizeof(header_line));
+               if (len <= 0) {
                        ast_http_error(ser, 400, "Bad Request", "Timeout");
                        return -1;
                }
+               if (header_line[len - 1] != '\n') {
+                       /* We didn't get a full line */
+                       ast_http_error(ser, 400, "Bad Request",
+                               (len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
+                       return -1;
+               }
 
                /* Trim trailing characters */
                ast_trim_blanks(header_line);
@@ -1815,9 +1823,11 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
        struct http_worker_private_data *request;
        enum ast_http_method http_method = AST_HTTP_UNKNOWN;
        int res;
+       ssize_t len;
        char request_line[MAX_HTTP_LINE_LENGTH];
 
-       if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
+       len = ast_iostream_gets(ser->stream, request_line, sizeof(request_line));
+       if (len <= 0) {
                return -1;
        }
 
@@ -1825,6 +1835,13 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
        request = ser->private_data;
        http_request_tracking_init(request);
 
+       if (request_line[len - 1] != '\n') {
+               /* We didn't get a full line */
+               ast_http_error(ser, 400, "Bad Request",
+                       (len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
+               return -1;
+       }
+
        /* Get method */
        method = ast_skip_blanks(request_line);
        uri = ast_skip_nonblanks(method);
Mirror of https://github.com/asterisk/asterisk.git