Updated Branches: refs/heads/master c08ce26f6 -> 60e961884
TS-1150 Limit headers to 64KB, which is our internal limit anyways Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/60e96188 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/60e96188 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/60e96188 Branch: refs/heads/master Commit: 60e961884b41abe20a6a73cc6dab60f2861cbb3b Parents: c08ce26 Author: Leif Hedstrom <[email protected]> Authored: Fri Mar 23 19:03:41 2012 -0600 Committer: Leif Hedstrom <[email protected]> Committed: Fri Mar 23 19:03:41 2012 -0600 ---------------------------------------------------------------------- proxy/hdrs/HTTP.cc | 15 +++++++++++++++ proxy/hdrs/MIME.cc | 9 +++++++-- proxy/hdrs/MIME.h | 2 +- 3 files changed, 23 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/60e96188/proxy/hdrs/HTTP.cc ---------------------------------------------------------------------- diff --git a/proxy/hdrs/HTTP.cc b/proxy/hdrs/HTTP.cc index 2c001be..fcc8fb8 100644 --- a/proxy/hdrs/HTTP.cc +++ b/proxy/hdrs/HTTP.cc @@ -21,6 +21,7 @@ limitations under the License. */ +#include "ink_port.h" #include "libts.h" #include <assert.h> #include <stdio.h> @@ -900,6 +901,10 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const start: hh->m_polarity = HTTP_TYPE_REQUEST; + // Make sure the line is not longer than 64K + if (scanner->m_line_length >= UINT16_MAX) + return PARSE_ERROR; + err = mime_scanner_get(scanner, start, real_end, &line_start, &end, &line_is_real, eof, MIME_SCANNER_TYPE_LINE); if (err < 0) return err; @@ -911,6 +916,9 @@ http_parser_parse_req(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const return err; cur = line_start; + ink_assert((end - cur) >= 0); + ink_assert((end - cur) < UINT16_MAX); + must_copy_strings = (must_copy_strings || (!line_is_real)); #if ENABLE_SAVE_ORIGINAL_REQUEST @@ -1116,6 +1124,10 @@ http_parser_parse_resp(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const hh->m_polarity = HTTP_TYPE_RESPONSE; + // Make sure the line is not longer than 64K + if (scanner->m_line_length >= UINT16_MAX) + return PARSE_ERROR; + err = mime_scanner_get(scanner, start, real_end, &line_start, &end, &line_is_real, eof, MIME_SCANNER_TYPE_LINE); if (err < 0) return err; @@ -1123,6 +1135,9 @@ http_parser_parse_resp(HTTPParser *parser, HdrHeap *heap, HTTPHdrImpl *hh, const return err; cur = line_start; + ink_assert((end - cur) >= 0); + ink_assert((end - cur) < UINT16_MAX); + must_copy_strings = (must_copy_strings || (!line_is_real)); #if (ENABLE_PARSER_FAST_PATHS) http://git-wip-us.apache.org/repos/asf/trafficserver/blob/60e96188/proxy/hdrs/MIME.cc ---------------------------------------------------------------------- diff --git a/proxy/hdrs/MIME.cc b/proxy/hdrs/MIME.cc index 2242ef3..c82da56 100644 --- a/proxy/hdrs/MIME.cc +++ b/proxy/hdrs/MIME.cc @@ -21,6 +21,7 @@ limitations under the License. */ +#include "ink_port.h" #include "libts.h" #include <assert.h> #include <stdio.h> @@ -2312,7 +2313,6 @@ _mime_parser_init(MIMEParser *parser) parser->m_field_flags = 0; parser->m_value = -1; } - ////////////////////////////////////////////////////// // init first time structure setup // // clear resets an already-initialized structure // @@ -2411,6 +2411,10 @@ mime_parser_parse(MIMEParser *parser, HdrHeap *heap, MIMEHdrImpl *mh, const char field_name_length = (int) (field_name_last - field_name_first + 1); field_value_length = (int) (field_value_last - field_value_first + 1); + // Make sure the name or value is not longer than 64K + if (field_name_length >= UINT16_MAX || field_value_length >= UINT16_MAX) + return PARSE_ERROR; + int total_line_length = (int) (field_line_last - field_line_first + 1); ////////////////////////////////////////////////////////////////////// @@ -2667,8 +2671,9 @@ mime_field_print(MIMEField *field, char *buf_start, int buf_length, int *buf_ind } const char * -mime_str_u16_set(HdrHeap *heap, const char *s_str, uint16_t s_len, const char **d_str, uint16_t *d_len, bool must_copy) +mime_str_u16_set(HdrHeap *heap, const char *s_str, int s_len, const char **d_str, uint16_t *d_len, bool must_copy) { + ink_assert(s_len >= 0 && s_len < UINT16_MAX); // INKqa08287 - keep track of free string space. // INVARIENT: passed in result pointers must be to // either NULL or be valid ptr for a string already http://git-wip-us.apache.org/repos/asf/trafficserver/blob/60e96188/proxy/hdrs/MIME.h ---------------------------------------------------------------------- diff --git a/proxy/hdrs/MIME.h b/proxy/hdrs/MIME.h index 49a6b98..058e88c 100644 --- a/proxy/hdrs/MIME.h +++ b/proxy/hdrs/MIME.h @@ -678,7 +678,7 @@ int mime_mem_print(const char *src_d, int src_l, char *buf_start, int buf_length int mime_field_print(MIMEField * field, char *buf_start, int buf_length, int *buf_index_inout, int *buf_chars_to_skip_inout); -const char *mime_str_u16_set(HdrHeap * heap, const char *s_str, uint16_t s_len, +const char *mime_str_u16_set(HdrHeap * heap, const char *s_str, int s_len, const char **d_str, uint16_t * d_len, bool must_copy); int mime_field_length_get(MIMEField * field);
