Diffstat (limited to 'www-servers/monkeyd/files/monkeyd-fix-DoS-headers-parser.patch')
-rw-r--r--www-servers/monkeyd/files/monkeyd-fix-DoS-headers-parser.patch131
1 files changed, 0 insertions, 131 deletions
diff --git a/www-servers/monkeyd/files/monkeyd-fix-DoS-headers-parser.patch b/www-servers/monkeyd/files/monkeyd-fix-DoS-headers-parser.patch
deleted file mode 100644
index db0e111dab00..000000000000
--- a/www-servers/monkeyd/files/monkeyd-fix-DoS-headers-parser.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From 95d646e5de252bfaa8b68c39d0f48e5d82965d41 Mon Sep 17 00:00:00 2001
-From: Eduardo Silva <edsiper@gmail.com>
-Date: Wed, 5 Jun 2013 12:18:39 -0600
-Subject: [PATCH] Fix #182: DoS bug on headers parser
-
-This patch fix the root cause for a problem described in Ticket #182,
-actually if a header is malformed like a Header Key without a value, the
-ToC parser used to continue processing the next header line.
-
-The solution applied is to improve the ToC generator where it adds extra
-validations for at least one colon and forcing each header line to contain
-a value or empty space, otherwise the server will trigger a Bad Request
-response to the client and close the connection.
-
-Signed-off-by: Eduardo Silva <edsiper@gmail.com>
----
- src/mk_method.c | 11 ++++++++++-
- src/mk_request.c | 36 +++++++++++++++++++++++++++++-------
- 2 files changed, 39 insertions(+), 8 deletions(-)
-
-diff --git a/src/mk_method.c b/src/mk_method.c
-index 4a0698a..b35e893 100644
---- a/src/mk_method.c
-+++ b/src/mk_method.c
-@@ -45,16 +45,25 @@
-
- long int mk_method_validate_content_length(const char *body, int body_len)
- {
-+ int crlf;
- struct headers_toc toc;
- long int len;
- mk_pointer tmp;
-
-+ crlf = mk_string_search(body, MK_CRLF, MK_STR_INSENSITIVE);
-+ if (crlf < 0) {
-+ return -1;
-+ }
-+
- /*
- * obs: Table of Content (toc) is created when the full
- * request has arrived, this function cannot be used from
- * mk_http_pending_request().
- */
-- mk_request_header_toc_parse(&toc, body, body_len);
-+ if (mk_request_header_toc_parse(&toc, body + crlf + mk_crlf.len,
-+ body_len - mk_crlf.len - crlf) < 0) {
-+ return -1;
-+ }
- tmp = mk_request_header_get(&toc,
- mk_rh_content_length.data,
- mk_rh_content_length.len);
-diff --git a/src/mk_request.c b/src/mk_request.c
-index 5c1f07e..083aba8 100644
---- a/src/mk_request.c
-+++ b/src/mk_request.c
-@@ -121,13 +121,32 @@ static void mk_request_free(struct session_request *sr)
-
- int mk_request_header_toc_parse(struct headers_toc *toc, const char *data, int len)
- {
-- int i;
-+ int i = 0;
-+ int header_len;
-+ int colon;
-+ char *q;
- char *p = (char *) data;
-- char *l = 0;
-+ char *l = p;
-
- toc->length = 0;
-+
-+ if (*p == '\r') goto out;
- for (i = 0; l < (data + len) && p && i < MK_HEADERS_TOC_LEN; i++) {
-- l = strstr(p, MK_CRLF);
-+ if (*p == '\r') goto out;
-+
-+ colon = -1;
-+ for (q = p; *q != '\r'; ++q) {
-+ if (*q == ':') {
-+ colon = (q - p);
-+ }
-+ }
-+
-+ l = (q);
-+ header_len = (l - p) - mk_crlf.len;
-+ if ((colon == -1) || (header_len == colon) || (*++q != '\n')) {
-+ return -1;
-+ }
-+
- if (l) {
- toc->rows[i].init = p;
- toc->rows[i].end = l;
-@@ -140,6 +159,7 @@ int mk_request_header_toc_parse(struct headers_toc *toc, const char *data, int l
- }
- }
-
-+ out:
- return toc->length;
- }
-
-@@ -237,13 +257,15 @@ static int mk_request_header_process(struct session_request *sr)
-
- /* Creating Table of Content (index) for HTTP headers */
- sr->headers_len = sr->body.len - (prot_end + mk_crlf.len);
-- mk_request_header_toc_parse(&sr->headers_toc, headers, sr->headers_len);
-+ if (mk_request_header_toc_parse(&sr->headers_toc, headers, sr->headers_len) < 0) {
-+ MK_TRACE("Invalid headers");
-+ return -1;
-+ }
-
- /* Host */
- host = mk_request_header_get(&sr->headers_toc,
- mk_rh_host.data,
- mk_rh_host.len);
--
- if (host.data) {
- if ((pos_sep = mk_string_char_search_r(host.data, ':', host.len)) >= 0) {
- /* TCP port should not be higher than 65535 */
-@@ -321,8 +343,8 @@ static int mk_request_header_process(struct session_request *sr)
- sr->keep_alive = MK_TRUE;
- sr->close_now = MK_FALSE;
- }
-- else if(mk_string_search_n(sr->connection.data, "Close",
-- MK_STR_INSENSITIVE, sr->connection.len) >= 0) {
-+ else if (mk_string_search_n(sr->connection.data, "Close",
-+ MK_STR_INSENSITIVE, sr->connection.len) >= 0) {
- sr->keep_alive = MK_FALSE;
- sr->close_now = MK_TRUE;
- }
---
-1.7.4.1
-