kenmirrors/asterisk
1
0
Fork 0
mirror of https://github.com/asterisk/asterisk.git synced 2025-11-16 23:08:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

http.c: Give HTTP error response when received lines are too long.

Browse Source 
Added a check when we receive a HTTP request line or header line that is
too long.  We now return an error response to the sender because we are
not able to process the request.

Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d
This commit is contained in:
Richard Mudgett
2018-08-30 14:42:06 -05:00
parent cfe8ef917d
commit 4e20fe9f06
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
main/http.c
View File

@@ -1772,6 +1772,7 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
remaining_headers = MAX_HTTP_REQUEST_HEADERS; remaining_headers = MAX_HTTP_REQUEST_HEADERS;
for (;;) { for (;;) {
size_t len;
char *name; char *name;
char *value; char *value;
@@ -1779,6 +1780,13 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
ast_http_error(ser, 400, "Bad Request", "Timeout"); ast_http_error(ser, 400, "Bad Request", "Timeout");
return -1; return -1;
} }
len = strlen(header_line);
if (!len || header_line[len - 1] != '\n') {
/* We didn't get a full line */
ast_http_error(ser, 400, "Bad Request",
(len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
return -1;
}
/* Trim trailing characters */ /* Trim trailing characters */
ast_trim_blanks(header_line); ast_trim_blanks(header_line);
@@ -1847,6 +1855,7 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
struct http_worker_private_data *request; struct http_worker_private_data *request;
enum ast_http_method http_method = AST_HTTP_UNKNOWN; enum ast_http_method http_method = AST_HTTP_UNKNOWN;
int res; int res;
size_t len;
char request_line[MAX_HTTP_LINE_LENGTH]; char request_line[MAX_HTTP_LINE_LENGTH];
if (!fgets(request_line, sizeof(request_line), ser->f)) { if (!fgets(request_line, sizeof(request_line), ser->f)) {
@@ -1857,6 +1866,14 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
request = ser->private_data; request = ser->private_data;
http_request_tracking_init(request); http_request_tracking_init(request);
len = strlen(request_line);
if (!len || request_line[len - 1] != '\n') {
/* We didn't get a full line */
ast_http_error(ser, 400, "Bad Request",
(len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
return -1;
}
/* Get method */ /* Get method */
method = ast_skip_blanks(request_line); method = ast_skip_blanks(request_line);
uri = ast_skip_nonblanks(method); uri = ast_skip_nonblanks(method);