generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-02-21 14:42:51 +01:00
Code Issues Projects Releases Wiki Activity

fix a potential DoS vulnerability by restricting the length of the HTTP chunk size in chunked transfer encoding

Browse Source
This commit is contained in:
Guenter Obiltschnig 2017-01-24 13:11:41 +01:00
parent 28de783c96
commit 29f259cc24
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Net/src/HTTPChunkedStream.cpp
View File

@ -67,7 +67,8 @@ int HTTPChunkedStreamBuf::readFromDevice(char* buffer, std::streamsize length)
int ch = _session.get();
while (Poco::Ascii::isSpace(ch)) ch = _session.get();
std::string chunkLen;
while (Poco::Ascii::isHexDigit(ch)) { chunkLen += (char) ch; ch = _session.get(); }
while (Poco::Ascii::isHexDigit(ch) && chunkLen.size() < 8) { chunkLen += (char) ch; ch = _session.get(); }
if (ch != eof && !(Poco::Ascii::isSpace(ch) || ch == ';')) return eof;
while (ch != eof && ch != '\n') ch = _session.get();
unsigned chunk;
if (NumberParser::tryParseHex(chunkLen, chunk))