
- Added checks for maximum Header and Request length

master
decke 7 years ago
parent
commit
58c391f9a4
3 changed files with 27 additions and 10 deletions
  1. 11
    4
      server.c
  2. 2
    0
      stomp.h
  3. 14
    6
      stomputil.c

+ 11
- 4
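--- a/server.c
+++ b/server.c
@@ -103,8 +103,14 @@ void buffered_on_read(struct bufferevent *bev, void *arg)
 	 * bufferevent_write_buffer will drain the incoming data so it
 	 * is effectively gone after we call it. */
 	struct client *client = (struct client *)arg;
+        size_t read_len;
+
+	client->rawrequest = evbuffer_readln(bufferevent_get_input(bev), &read_len, EVBUFFER_EOL_NUL);
+	if(read_len >= MAXREQUESTLEN){
+		client->response_cmd = STOMP_CMD_DISCONNECT;
+		goto response;
+	}
 
-	client->rawrequest = evbuffer_readln(bufferevent_get_input(bev), NULL, EVBUFFER_EOL_NUL);
 	if (client->rawrequest == NULL)
 		goto error;
 
@@ -138,12 +144,13 @@ void buffered_on_read(struct bufferevent *bev, void *arg)
 	}
 
 	if(stomp_parse_headers(client->request_headers, client->request) != 0){
-		client->response_cmd = STOMP_CMD_ERROR;
-		evhttp_add_header(client->response_headers, "message", "Invalid Request");
-		goto error;
+		client->response_cmd = STOMP_CMD_DISCONNECT;
+		goto response;
 	}
 
         stomp_handle_request(client);
+
+response:
         stomp_handle_response(client);
 
 error: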
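Review bot: The `read_len >= MAXREQUESTLEN` check in the first hunk runs only after `evbuffer_readln` has found a NUL and copied the whole frame, so it limits what gets parsed but not what gets buffered. While no NUL has arrived the call returns NULL and the code takes `goto error` without consulting the limit, so unless a read watermark is set where the bufferevent is created (not visible here) the input buffer can keep growing. Consider also testing the pending length on that path, e.g. `if (client->rawrequest == NULL && evbuffer_get_length(bufferevent_get_input(bev)) >= MAXREQUESTLEN)` followed by the same disconnect, or capping the buffer with `bufferevent_setwatermark(bev, EV_READ, 0, MAXREQUESTLEN)`. The length test would also read more clearly below the NULL test, so `read_len` is only inspected for a line that was actually returned. buffered_on_read starts and ends outside both hunks.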

+ 2
- 0
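--- a/stomp.h
+++ b/stomp.h
@@ -31,6 +31,8 @@
 #include <event2/http.h>
 
 #define MAXQUEUELEN	128
+#define MAXHEADERLEN	512
+#define MAXREQUESTLEN	10240
 
 enum stomp_direction {
    STOMP_IN = 1,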
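Review bot: The two new limits carry no comment on their unit or on whether the limit value itself is accepted, and the call sites in this commit disagree: server.c rejects `read_len >= MAXREQUESTLEN` while stomputil.c rejects `line_length > MAXHEADERLEN`. A short comment on each, such as `/* largest accepted header line, in bytes */`, together with the same comparison operator at both call sites, would make the boundary unambiguous.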

+ 14
- 6
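--- a/stomputil.c
+++ b/stomputil.c
@@ -128,7 +128,15 @@ int stomp_parse_headers(struct evkeyvalq *headers, char *request)
       skey = NULL;
       svalue = NULL;
 
+      if(line_length > MAXHEADERLEN){
+         free(line);
+         evbuffer_free(buffer);
+         logwarn("Request exceeded maximum header length %d", MAXHEADERLEN);
+         return 1;
+      }
+
       if(strchr(line, ':') == NULL){
+         free(line);
          continue;
       }
 
@@ -143,12 +151,12 @@ int stomp_parse_headers(struct evkeyvalq *headers, char *request)
 
       svalue += strspn(svalue, " ");
 
-      /* TODO: check if header with same name already parsed */
-
-      if (evhttp_add_header(headers, skey, svalue) == -1){
-         free(line);
-         evbuffer_free(buffer);
-         return 1;
+      if (evhttp_find_header(headers, skey) == NULL){
+         if (evhttp_add_header(headers, skey, svalue) == -1){
+            free(line);
+            evbuffer_free(buffer);
+            return 1;
+         }
       }
 
       free(line);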
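Review bot: The second hunk replaces the TODO with a first-occurrence-wins rule but leaves no comment saying so, and a repeated header is now dropped silently. `evhttp_find_header` compares names case-insensitively, so headers that differ only in case are also treated as duplicates; if that is intended, state it in a comment such as `/* first occurrence wins; later duplicates (case-insensitive) are ignored */`. The `return 1` after a failed `evhttp_add_header` still has no log line, unlike the new over-length path, which makes the two rejections hard to tell apart in the logs now that server.c answers both with a disconnect. stomp_parse_headers starts and ends outside these hunks.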
