[Asterisk-code-review] http.c: Give HTTP error response when received lines are too... (asterisk[15])

Richard Mudgett asteriskteam at digium.com
Thu Aug 30 17:15:45 CDT 2018


Richard Mudgett has uploaded this change for review. ( https://gerrit.asterisk.org/10031 )


Change subject: http.c: Give HTTP error response when received lines are too long.
......................................................................

http.c: Give HTTP error response when received lines are too long.

Added a check when we receive an HTTP request line or header line that is
too long.  We now return an error response to the sender because we are
not able to process the request.

Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d
---
M main/http.c
1 file changed, 19 insertions(+), 2 deletions(-)



  git pull ssh://gerrit.asterisk.org:29418/asterisk refs/changes/31/10031/1

diff --git a/main/http.c b/main/http.c
index 30b2fe2..e9c6e83 100644
--- a/main/http.c
+++ b/main/http.c
@@ -1740,13 +1740,21 @@
 
 	remaining_headers = MAX_HTTP_REQUEST_HEADERS;
 	for (;;) {
+		ssize_t len;
 		char *name;
 		char *value;
 
-		if (ast_iostream_gets(ser->stream, header_line, sizeof(header_line)) <= 0) {
+		len = ast_iostream_gets(ser->stream, header_line, sizeof(header_line));
+		if (len <= 0) {
 			ast_http_error(ser, 400, "Bad Request", "Timeout");
 			return -1;
 		}
+		if (header_line[len - 1] != '\n') {
+			/* We didn't get a full line */
+			ast_http_error(ser, 400, "Bad Request",
+				(len == sizeof(header_line) - 1) ? "Header line too long" : "Timeout");
+			return -1;
+		}
 
 		/* Trim trailing characters */
 		ast_trim_blanks(header_line);
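
Review bot: In the new `header_line[len - 1] != '\n'` branch, the test `len == sizeof(header_line) - 1` compares a signed ssize_t against an unsigned size_t and relies on ast_iostream_gets() leaving one byte for the terminating NUL, neither of which is stated. A cast such as `(size_t) len` (safe here because `len > 0` was already checked) and a one-line comment saying that a full buffer without a newline means the line was truncated would make the intent clear. Note also that a read that stalls after exactly `sizeof(header_line) - 1` bytes is reported as "Header line too long" rather than "Timeout"; that is probably acceptable, but worth a mention in the comment. If a more specific status is wanted for the over-long case, 431 (Request Header Fields Too Large) fits a header line better than a generic 400.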
@@ -1815,9 +1823,11 @@
 	struct http_worker_private_data *request;
 	enum ast_http_method http_method = AST_HTTP_UNKNOWN;
 	int res;
+	ssize_t len;
 	char request_line[MAX_HTTP_LINE_LENGTH];
 
-	if (ast_iostream_gets(ser->stream, request_line, sizeof(request_line)) <= 0) {
+	len = ast_iostream_gets(ser->stream, request_line, sizeof(request_line));
+	if (len <= 0) {
 		return -1;
 	}
 
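Review bot: The `len <= 0` path here still returns -1 without calling ast_http_error(), while the same condition in the header loop sends a 400 "Timeout". Given that the commit is about always answering the sender, either send the same response here or add a comment explaining why a failed first read is dropped silently.
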
@@ -1825,6 +1835,13 @@
 	request = ser->private_data;
 	http_request_tracking_init(request);
 
+	if (request_line[len - 1] != '\n') {
+		/* We didn't get a full line */
+		ast_http_error(ser, 400, "Bad Request",
+			(len == sizeof(header_line) - 1) ? "Request line too long" : "Timeout");
+		return -1;
+	}
+
 	/* Get method */
 	method = ast_skip_blanks(request_line);
 	uri = ast_skip_nonblanks(method);
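
Review bot: The length test in the new block uses `sizeof(header_line)`, but the buffer in this function is `request_line`; `header_line` is not among the locals visible in the previous hunk and looks copied from the header loop. It should read `(len == sizeof(request_line) - 1)`, otherwise this either fails to compile or measures the wrong buffer. The same signed/unsigned comparison remark applies here, and for an over-long request line 414 (URI Too Long) would be a more specific status than 400 if the project wants to distinguish the case.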

-- 
To view, visit https://gerrit.asterisk.org/10031

Gerrit-Project: asterisk
Gerrit-Branch: 15
Gerrit-MessageType: newchange
Gerrit-Change-Id: I6df2705435fd7dde4d5d3bdf7acec859cfb7c12d
Gerrit-Change-Number: 10031
Gerrit-PatchSet: 1
Gerrit-Owner: Richard Mudgett <rmudgett at digium.com>