authorOpenGnSys Support Team <soporte-og@soleta.eu>2019-08-28 16:34:00 +0200
committerOpenGnSys Support Team <soporte-og@soleta.eu>2019-08-28 17:16:01 +0200
commit20dcb0a906b55c4e3f52bf2b994d696c4f42cc70 (patch)
treec2576545298e5402ec6214087a4089745da75980
parent881f532ee1c46b930af86976ea7f177c31482154 (diff)
#915 close connection to REST API if request is too long
If REST API request length is >= 4096 bytes, close the connection.
-rw-r--r--sources/ogAdmServer.cpp9
1 files changed, 8 insertions, 1 deletions
diff --git a/sources/ogAdmServer.cpp b/sources/ogAdmServer.cpp
index 2168a5c..75f0a2c 100644
--- a/sources/ogAdmServer.cpp
+++ b/sources/ogAdmServer.cpp
@@ -122,6 +122,8 @@ enum og_client_state {
OG_CLIENT_PROCESSING_REQUEST,
};
+#define OG_MSG_REQUEST_MAXLEN 4096
+
/* Shut down connection if there is no complete message after 10 seconds. */
#define OG_CLIENT_TIMEOUT 10
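Review bot: `OG_MSG_REQUEST_MAXLEN` is added without a comment, while `OG_CLIENT_TIMEOUT` directly below it has one. Its value sizes `og_client.buf` and is the threshold at which the read callback drops the connection, so it deserves a line of documentation. Something like `/* Size of the per-client receive buffer; a request that fills it is rejected. */` would do.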
@@ -130,7 +132,7 @@ struct og_client {
struct ev_timer timer;
struct sockaddr_in addr;
enum og_client_state state;
- char buf[4096];
+ char buf[OG_MSG_REQUEST_MAXLEN];
unsigned int buf_len;
unsigned int msg_len;
int keepalive_idx;
@@ -4193,6 +4195,11 @@ static void og_client_read_cb(struct ev_loop *loop, struct ev_io *io, int events
ev_timer_again(loop, &cli->timer);
cli->buf_len += ret;
+ if (cli->buf_len >= sizeof(cli->buf)) {
+ syslog(LOG_ERR, "client request from %s:%hu is too long\n",
+ inet_ntoa(cli->addr.sin_addr), ntohs(cli->addr.sin_port));
+ goto close;
+ }
switch (cli->state) {
case OG_CLIENT_RECEIVING_HEADER:
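Review bot: The new check runs only after `cli->buf_len += ret`, so it detects a buffer that is already full rather than preventing an overrun. Whether the write into `cli->buf` stays in bounds depends on the recv() call above this hunk, which is not visible here; it should be confirmed that it passes `sizeof(cli->buf) - cli->buf_len` as its length. A comment above the check would record the intent, for example `/* Request fills the whole buffer: too long, drop the client. */`. Because any remote peer can reach this path, the `syslog(LOG_ERR, ...)` call may be worth rate limiting, and the trailing `\n` in its format string is not needed for syslog. `og_client_read_cb` starts and ends outside the hunk.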