http.c: Give HTTP error response when received lines are too long.

Added a check for when we receive an HTTP request line or header line that
is too long.  We now return an error response to the sender because we are
not able to process the request.

Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d
Richard Mudgett
2018-08-30 14:42:06 -05:00
parent 62afa54977
commit 4fcdcfaa37


@@ -1740,13 +1740,21 @@ static int http_request_headers_get(struct ast_tcptls_session_instance *ser, str
remaining_headers = MAX_HTTP_REQUEST_HEADERS; remaining_headers = MAX_HTTP_REQUEST_HEADERS;
for (;;) { for (;;) {
ssize_t len;
char *name; char *name;
char *value; char *value;
if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) { len = ast_iostream_gets(ser->stream, header_line, sizeof(header_line));
if (len <= 0) {
ast_http_error(ser, 400, "Bad Request", "Timeout"); ast_http_error(ser, 400, "Bad Request", "Timeout");
return -1; return -1;
} }
if (header_line[len - 1] != '\n') {
/* We didn't get a full line */
ast_http_error(ser, 400, "Bad Request",
(len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
return -1;
}
/* Trim trailing characters */ /* Trim trailing characters */
ast_trim_blanks(header_line); ast_trim_blanks(header_line);
@@ -1815,9 +1823,11 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
struct http_worker_private_data *request; struct http_worker_private_data *request;
enum ast_http_method http_method = AST_HTTP_UNKNOWN; enum ast_http_method http_method = AST_HTTP_UNKNOWN;
int res; int res;
ssize_t len;
char request_line[MAX_HTTP_LINE_LENGTH]; char request_line[MAX_HTTP_LINE_LENGTH];
if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) { len = ast_iostream_gets(ser->stream, request_line, sizeof(request_line));
if (len <= 0) {
return -1; return -1;
} }
@@ -1825,6 +1835,13 @@ static int httpd_process_request(struct ast_tcptls_session_instance *ser)
request = ser->private_data; request = ser->private_data;
http_request_tracking_init(request); http_request_tracking_init(request);
if (request_line[len - 1] != '\n') {
/* We didn't get a full line */
ast_http_error(ser, 400, "Bad Request",
(len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
return -1;
}
/* Get method */ /* Get method */
method = ast_skip_blanks(request_line); method = ast_skip_blanks(request_line);
uri = ast_skip_nonblanks(method); uri = ast_skip_nonblanks(method);
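Review bot: The new `/* We didn't get a full line */` comments in http_request_headers_get and httpd_process_request do not say why a partial line has to be rejected, which is the security-relevant part: in the header loop, the unread tail of an oversized line would otherwise be picked up by the next `ast_iostream_gets` call and parsed as a header of its own. I would expand the comment to `/* No '\n': the line was truncated or the read stopped early. Reject it so the unread tail is never parsed as a separate line. */`. The ternary also compares the ssize_t `len` with a size_t; `len` is positive at that point so the result is correct, but `(size_t) len == sizeof(header_line) - 1` (and the same for `request_line`) avoids a sign-compare warning. The "Timeout" text for the short case presumably also covers a peer that closed the connection mid-line, which should be confirmed against ast_iostream_gets, whose behaviour is not visible here. Both function bodies extend beyond the hunks shown.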