[Asterisk-code-review] http.c: Give HTTP error response when received lines are too... (asterisk[master])
George Joseph
asteriskteam at digium.com
Thu Sep 6 11:49:25 CDT 2018
George Joseph has submitted this change and it was merged. ( https://gerrit.asterisk.org/10033 )
Change subject: http.c: Give HTTP error response when received lines are too long.
......................................................................
http.c: Give HTTP error response when received lines are too long.
Added a check when we receive a HTTP request line or header line that is
too long. We now return an error response to the sender because we are
not able to process the request.
Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d
---
M main/http.c
1 file changed, 19 insertions(+), 2 deletions(-)
Approvals:
Matthew Fredrickson: Looks good to me, but someone else must approve
Benjamin Keith Ford: Looks good to me, but someone else must approve
George Joseph: Looks good to me, approved; Approved for Submit
diff --git a/main/http.c b/main/http.c
index d7ec60a..5d0b89e 100644
--- a/main/http.c
+++ b/main/http.c
@@ -1740,13 +1740,21 @@
remaining_headers = MAX_HTTP_REQUEST_HEADERS;
for (;;) {
+ ssize_t len;
char *name;
char *value;
- if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+ len = ast_iostream_gets(ser->stream, header_line, sizeof(header_line));
+ if (len <= 0) {
ast_http_error(ser, 400, "Bad Request", "Timeout");
return -1;
}
+ if (header_line[len - 1] != '\n') {
+ /* We didn't get a full line */
+ ast_http_error(ser, 400, "Bad Request",
+ (len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
+ return -1;
+ }
/* Trim trailing characters */
ast_trim_blanks(header_line);
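Review bot: The over-length case in the new header check is reported as a generic 400, and the fallback string "Timeout" is used for every other short read that lacks a newline, which may also cover a peer that closed the connection mid-line. Consider 431 (Request Header Fields Too Large) for the `len == sizeof(header_line) - 1` branch and a more neutral fallback text such as "Incomplete header line". That comparison also mixes `ssize_t` with `size_t`; it is safe here because the earlier `len <= 0` return guarantees a positive value, but an explicit `(size_t) len` cast or a one-line comment would make that visible and avoid a sign-compare warning.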
@@ -1815,9 +1823,11 @@
struct http_worker_private_data *request;
enum ast_http_method http_method = AST_HTTP_UNKNOWN;
int res;
+ ssize_t len;
char request_line[MAX_HTTP_LINE_LENGTH];
- if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
+ len = ast_iostream_gets(ser->stream, request_line, sizeof(request_line));
+ if (len <= 0) {
return -1;
}
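Review bot: The `len <= 0` branch for the request line still returns -1 without sending anything, while the same condition in the header loop calls `ast_http_error(ser, 400, "Bad Request", "Timeout")`. If the silent return is intentional (for example, an idle connection that never sent a request), a short comment saying so would prevent someone from "fixing" the asymmetry later; otherwise the two paths should respond the same way.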
@@ -1825,6 +1835,13 @@
request = ser->private_data;
http_request_tracking_init(request);
+ if (request_line[len - 1] != '\n') {
+ /* We didn't get a full line */
+ ast_http_error(ser, 400, "Bad Request",
+ (len == sizeof(request_line) - 1) ? "Request line too long" : "Timeout");
+ return -1;
+ }
+
/* Get method */
method = ast_skip_blanks(request_line);
uri = ast_skip_nonblanks(method);
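Review bot: The request-line check is a copy of the header-line check with only the buffer and message string changed, so the two can drift apart. A small static helper that takes the buffer, its size, `len` and the "too long" text would keep them in sync. The check also runs after `http_request_tracking_init(request)` even though `len` was obtained before it; if the error response depends on the tracking state being initialized, say so in the `/* We didn't get a full line */` comment. As with the header case, a more specific status such as 414 (URI Too Long) could be considered for the over-length branch.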
--
To view, visit https://gerrit.asterisk.org/10033
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-MessageType: merged
Gerrit-Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d
Gerrit-Change-Number: 10033
Gerrit-PatchSet: 2
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>
Gerrit-Reviewer: Benjamin Keith Ford <bford at digium.com>
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Reviewer: Jenkins2
Gerrit-Reviewer: Matthew Fredrickson <creslin at digium.com>