
Limit the number of query parameters that the CGI processor will handle before giving up, to make DOS attacks harder.

drh 2012-01-12 00:44 trunk
Commit 2827d449a994c928f9bf347ed9c2c4cee400a59c
1 file changed +4
+4
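--- a/src/cgi.c
+++ b/src/cgi.c
@@ -410,10 +410,14 @@
 ** deallocated after this routine returns.
 */
 void cgi_set_parameter_nocopy(const char *zName, const char *zValue){
 if( nAllocQP<=nUsedQP ){
 nAllocQP = nAllocQP*2 + 10;
+if( nAllocQP>1000 ){
+/* Prevent a DOS service attack against the framework */
+fossil_fatal("Too many query parameters");
+}
 aParamQP = fossil_realloc( aParamQP, nAllocQP*sizeof(aParamQP[0]) );
 }
 aParamQP[nUsedQP].zName = zName;
 aParamQP[nUsedQP].zValue = zValue;
 if( g.fHttpTrace ){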
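Review bot: The new guard at line 415 tests the capacity `nAllocQP` after it has already been doubled, so the limit it enforces is a by-product of the growth schedule rather than the 1000 written in the code; if `nAllocQP` starts at 0 (its initialiser is not in the hunk) the capacities are 10, 30, 70, 150, 310, 630, 1270 and the request is rejected at the 631st parameter. The failing path also leaves `nAllocQP` larger than the array that was actually allocated, which would let a later call skip the realloc and write past the end of `aParamQP` if anything on the `fossil_fatal` path registers a parameter; whether `fossil_fatal` can return or re-enter this routine is not visible here. Testing the count before growing avoids both problems: `if( nUsedQP>=1000 ){ fossil_fatal("Too many query parameters"); }` placed above `nAllocQP = nAllocQP*2 + 10;`. The body of `cgi_set_parameter_nocopy` continues past the end of the hunk.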
