Related: CVE-2015-5159
From b9595d34e36d967d57c0f72f26fca40b913c6d5e Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum <npmccal...@redhat.com>
Date: Wed, 22 Jul 2015 14:18:16 -0400
Subject: [PATCH] Limit request sizes to /KdcProxy

Related: CVE-2015-5159
---
 install/conf/ipa-kdc-proxy.conf.template | 1 +
 1 file changed, 1 insertion(+)

diff --git a/install/conf/ipa-kdc-proxy.conf.template b/install/conf/ipa-kdc-proxy.conf.template
index 9290cebba0175b320c73be8aee59e982435e4c37..4b9c716d2f6adc2cee1f009a7afab41fa6059a1c 100644
--- a/install/conf/ipa-kdc-proxy.conf.template
+++ b/install/conf/ipa-kdc-proxy.conf.template
@@ -27,4 +27,5 @@ WSGIScriptReloading Off
   Allow from all
   WSGIProcessGroup kdcproxy
   WSGIApplicationGroup kdcproxy
+  LimitRequestBody 100000
 </Location>
-- 
2.4.6

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to