generic-library/poco
1
0
Fork 0
mirror of https://github.com/pocoproject/poco.git synced 2025-10-23 08:31:43 +02:00
Code Issues Projects Releases Wiki Activity

fix a potential DoS vulnerability by restricting the length of the HTTP chunk size in chunked transfer encoding

Browse Source
This commit is contained in:
Guenter Obiltschnig
2017-01-24 13:11:41 +01:00
parent f45ab8e322
commit 3577724efd
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Net/src/HTTPChunkedStream.cpp
View File

@@ -67,7 +67,8 @@ int HTTPChunkedStreamBuf::readFromDevice(char* buffer, std::streamsize length)
int ch = _session.get(); int ch = _session.get();
while (Poco::Ascii::isSpace(ch)) ch = _session.get(); while (Poco::Ascii::isSpace(ch)) ch = _session.get();
std::string chunkLen; std::string chunkLen;
while (Poco::Ascii::isHexDigit(ch)) { chunkLen += (char) ch; ch = _session.get(); } while (Poco::Ascii::isHexDigit(ch) && chunkLen.size() < 8) { chunkLen += (char) ch; ch = _session.get(); }
if (ch != eof && !(Poco::Ascii::isSpace(ch) || ch == ';')) return eof;
while (ch != eof && ch != '\n') ch = _session.get(); while (ch != eof && ch != '\n') ch = _session.get();
unsigned chunk; unsigned chunk;
if (NumberParser::tryParseHex(chunkLen, chunk)) if (NumberParser::tryParseHex(chunkLen, chunk))