fix a potential DoS (through memory exhaustion) by restricting HTML form field name and value sizes

Guenter Obiltschnig
2017-01-24 13:14:05 +01:00
parent 4392f13b9c
commit f6d8d0e10a
2 changed files with 47 additions and 10 deletions


@@ -73,6 +73,7 @@ private:
HTMLForm::HTMLForm():
_fieldLimit(DFL_FIELD_LIMIT),
_valueLengthLimit(DFL_MAX_VALUE_LENGTH),
_encoding(ENCODING_URL)
{
}
@@ -80,27 +81,31 @@ HTMLForm::HTMLForm():
HTMLForm::HTMLForm(const std::string& encoding):
_fieldLimit(DFL_FIELD_LIMIT),
_valueLengthLimit(DFL_MAX_VALUE_LENGTH),
_encoding(encoding)
{
}
HTMLForm::HTMLForm(const HTTPRequest& request, std::istream& requestBody, PartHandler& handler):
_fieldLimit(DFL_FIELD_LIMIT)
_fieldLimit(DFL_FIELD_LIMIT),
_valueLengthLimit(DFL_MAX_VALUE_LENGTH)
{
load(request, requestBody, handler);
}
HTMLForm::HTMLForm(const HTTPRequest& request, std::istream& requestBody):
_fieldLimit(DFL_FIELD_LIMIT)
_fieldLimit(DFL_FIELD_LIMIT),
_valueLengthLimit(DFL_MAX_VALUE_LENGTH)
{
load(request, requestBody);
}
HTMLForm::HTMLForm(const HTTPRequest& request):
_fieldLimit(DFL_FIELD_LIMIT)
_fieldLimit(DFL_FIELD_LIMIT),
_valueLengthLimit(DFL_MAX_VALUE_LENGTH)
{
load(request);
}
@@ -296,7 +301,10 @@ void HTMLForm::readUrl(std::istream& istr)
while (ch != eof && ch != '=' && ch != '&')
{
if (ch == '+') ch = ' ';
name += (char) ch;
if (name.size() < MAX_NAME_LENGTH)
name += (char) ch;
else
throw HTMLFormException("Field name too long");
ch = istr.get();
}
if (ch == '=')
@@ -305,7 +313,10 @@ void HTMLForm::readUrl(std::istream& istr)
while (ch != eof && ch != '&')
{
if (ch == '+') ch = ' ';
value += (char) ch;
if (value.size() < _valueLengthLimit)
value += (char) ch;
else
throw HTMLFormException("Field value too long");
ch = istr.get();
}
}
@@ -359,7 +370,10 @@ void HTMLForm::readMultipart(std::istream& istr, PartHandler& handler)
int ch = istr.get();
while (ch != eof)
{
value += (char) ch;
if (value.size() < _valueLengthLimit)
value += (char) ch;
else
throw HTMLFormException("Field value too long");
ch = istr.get();
}
add(name, value);
@@ -439,4 +453,12 @@ void HTMLForm::setFieldLimit(int limit)
}
void HTMLForm::setValueLengthLimit(int limit)
{
poco_assert (limit >= 0);
_valueLengthLimit = limit;
}
} } // namespace Poco::Net
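Review bot: In `setValueLengthLimit`, `poco_assert (limit >= 0)` accepts 0, but the new `value.size() < _valueLengthLimit` checks in `readUrl` and `readMultipart` then throw "Field value too long" on the first character of any non-empty value. If a caller passes 0 expecting "no limit", the form would reject almost every request instead. The setter should say what 0 means, for example `/// A limit of 0 rejects every non-empty field value.`, or the assert should be tightened to `poco_assert (limit > 0);` if 0 is not a useful setting. The declaration of `_valueLengthLimit` is in the other changed file and is not shown here; if it is an `int`, the comparison with `size()` mixes signed and unsigned and stays correct only while every write goes through this setter. The bodies of `readUrl` and `readMultipart` continue outside the hunks, so any other place that appends to `name` or `value` could not be checked.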