From 9074924be535f8043d1d41708ab34d6ce17264df Mon Sep 17 00:00:00 2001
From: Emil Mikulic
Date: Thu, 27 Feb 2003 23:41:44 +0000
Subject: [PATCH] . Added MAX_REQUEST_LENGTH and a check for it in poll_recv_request() . Fixed comment DEFAULT_PORT -> bindport . "options:\n" -> "options:\n\n"
---
 trunk/darkhttpd.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/trunk/darkhttpd.c b/trunk/darkhttpd.c
index 056971f..9c869e5 100644
--- a/trunk/darkhttpd.c
+++ b/trunk/darkhttpd.c
@@ -61,6 +61,13 @@ struct connection
 */
 #define IDLETIME 60
+/* To prevent a malformed request from eating up too much memory, die once the
+ * request exceeds this many bytes:
+ */
+#define MAX_REQUEST_LENGTH 20000
+
+
+
 /* Defaults can be overridden on the command-line */
 static in_addr_t bindaddr = INADDR_ANY;
 static u_int16_t bindport = 80;
@@ -116,8 +123,8 @@ static void init_sockin(void)
 static void usage(void)
 {
 printf("\n usage: darkhttpd /path/to/wwwroot [options]\n\n"
- "options:\n"
- "\t--port number (default: %u)\n" /* DEFAULT_PORT */
+ "options:\n\n"
+ "\t--port number (default: %u)\n" /* bindport */
 "\t\tSpecifies which port to listen on for connections.\n"
 "\n"
 "\t--addr ip (default: all)\n"
@@ -372,6 +379,13 @@ static void poll_recv_request(struct connection *conn)
 if (conn->request_length > 4 &&
 memcmp(conn->request+conn->request_length-4, "\r\n\r\n", 4) == 0)
 process_request(conn);
+
+ /* die if it's too long */
+ if (conn->request_length > MAX_REQUEST_LENGTH)
+ {
+ default_reply(conn, 400, "Bad Request");
+ conn->state = SEND_HEADER;
+ }
 }
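Review bot: The added MAX_REQUEST_LENGTH check at the end of poll_recv_request() runs after the existing `\r\n\r\n` test instead of in place of it, so a request that is both complete and over the limit is first passed to process_request() and then answered with the 400 reply. process_request() is not visible in this hunk, but if it has already built a reply or opened a file for the connection, the following default_reply() call would presumably overwrite that state without releasing it. Moving the added block above the terminator test and turning that test into `else if (conn->request_length > 4 &&` makes the two outcomes mutually exclusive. The limit is also only compared after the received bytes have been appended, so the buffer can exceed MAX_REQUEST_LENGTH by up to one read. The function's body starts outside the hunk, so the append and any freeing of conn->request cannot be checked from here.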