
- Added checks for maximum Header and Request length

master
decke 7 years ago
parent
commit
58c391f9a4
3 changed files with 27 additions and 10 deletions
  1. 11
    4
      server.c
  2. 2
    0
      stomp.h
  3. 14
    6
      stomputil.c

+ 11
- 4
server.c

@@ -103,8 +103,14 @@ void buffered_on_read(struct bufferevent *bev, void *arg)
* bufferevent_write_buffer will drain the incoming data so it
* is effectively gone after we call it. */
struct client *client = (struct client *)arg;
size_t read_len;

client->rawrequest = evbuffer_readln(bufferevent_get_input(bev), &read_len, EVBUFFER_EOL_NUL);
if(read_len >= MAXREQUESTLEN){
client->response_cmd = STOMP_CMD_DISCONNECT;
goto response;
}

client->rawrequest = evbuffer_readln(bufferevent_get_input(bev), NULL, EVBUFFER_EOL_NUL);
if (client->rawrequest == NULL)
goto error;

@@ -138,12 +144,13 @@ void buffered_on_read(struct bufferevent *bev, void *arg)
}

if(stomp_parse_headers(client->request_headers, client->request) != 0){
client->response_cmd = STOMP_CMD_ERROR;
evhttp_add_header(client->response_headers, "message", "Invalid Request");
goto error;
client->response_cmd = STOMP_CMD_DISCONNECT;
goto response;
}

stomp_handle_request(client);

response:
stomp_handle_response(client);

error:
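Review bot: The MAXREQUESTLEN test in buffered_on_read runs only after evbuffer_readln() has already extracted and allocated the complete NUL-terminated frame, so it rejects an oversized request but does not limit how much input gets buffered, and a frame whose terminator has not arrived yet is never measured. In the `client->rawrequest == NULL` branch I would add `if (evbuffer_get_length(bufferevent_get_input(bev)) >= MAXREQUESTLEN) { client->response_cmd = STOMP_CMD_DISCONNECT; goto response; }` ahead of `goto error`, so the limit also covers incomplete frames. Testing for NULL before looking at `read_len` would also avoid depending on what evbuffer_readln() stores there when it returns NULL. The oversized path jumps to `response:` with `client->rawrequest` still allocated; the cleanup code is outside the visible hunks, so please confirm it is freed on that path.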

+ 2
- 0
stomp.h

@@ -31,6 +31,8 @@
#include <event2/http.h>

#define MAXQUEUELEN 128
#define MAXHEADERLEN 512
#define MAXREQUESTLEN 10240

enum stomp_direction {
STOMP_IN = 1,
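Review bot: The two new limits are undocumented, and their users disagree on whether the bound is inclusive: server.c rejects `read_len >= MAXREQUESTLEN` while stomputil.c rejects `line_length > MAXHEADERLEN`. I would add comments such as `/* max bytes in one header line */` and `/* max bytes in one request frame, terminator excluded */` (the second is my reading of the evbuffer_readln() call, please confirm) and use the same comparison operator in both places so the documented limit means the same thing for each.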

+ 14
- 6
stomputil.c

@@ -128,7 +128,15 @@ int stomp_parse_headers(struct evkeyvalq *headers, char *request)
skey = NULL;
svalue = NULL;

if(line_length > MAXHEADERLEN){
free(line);
evbuffer_free(buffer);
logwarn("Request exceeded maximum header length %d", MAXHEADERLEN);
return 1;
}

if(strchr(line, ':') == NULL){
free(line);
continue;
}

@@ -143,12 +151,12 @@ int stomp_parse_headers(struct evkeyvalq *headers, char *request)

svalue += strspn(svalue, " ");

/* TODO: check if header with same name already parsed */
if (evhttp_add_header(headers, skey, svalue) == -1){
free(line);
evbuffer_free(buffer);
return 1;
if (evhttp_find_header(headers, skey) == NULL){
if (evhttp_add_header(headers, skey, svalue) == -1){
free(line);
evbuffer_free(buffer);
return 1;
}
}

free(line);
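Review bot: stomp_parse_headers now returns 1 both for the new over-length rejection and for an evhttp_add_header() failure, so the caller in server.c cannot tell a policy violation from a malformed or failed parse and answers every non-zero result with a bare DISCONNECT. A distinct non-zero return value for the limit case would let the caller keep sending an ERROR frame for ordinary bad input and disconnect only on the limit. The warning would also be more useful for triage if it logged the observed length as well as the limit, for example `logwarn("Header line of %zu bytes exceeds limit %d", line_length, MAXHEADERLEN);` (this assumes `line_length` is a size_t; its declaration is outside the hunk). Duplicate header names are now dropped without any log line; a short comment stating that the first occurrence wins would replace the removed TODO.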
