This patch enforces the restriction on the max permissible length
of every parameter. If a parameter value exceeds the max length,
duda_request_parse returns -1 and an appropriate message is shown
on the terminal when in TRACE mode.
---
plugins/duda/duda.c | 11 +++++++++++
plugins/duda/webservice.c | 1 +
2 files changed, 12 insertions(+), 0 deletions(-)
mode change 100644 => 100755 plugins/duda/duda.c
mode change 100644 => 100755 plugins/duda/webservice.c
diff --git a/plugins/duda/duda.c b/plugins/duda/duda.c
old mode 100644
new mode 100755
index eb4469a..2c78207
--- a/plugins/duda/duda.c
+++ b/plugins/duda/duda.c
@@ -252,6 +252,8 @@ int duda_request_parse(struct session_request *sr,
unsigned int i = 0, len, val_len;
int end;
short int allowed_params;
+ struct mk_list *head_param;
+ struct duda_param *entry_param;
len = sr->uri_processed.len;
@@ -301,10 +303,19 @@ int duda_request_parse(struct session_request *sr,
MAP_WS_MAX_PARAMS:allowed_params);
return -1;
}
+ if (dr->n_params == 0) {
+ head_param = (&dr->_method->params)->next;
+ }
+ entry_param = mk_list_entry(head_param, struct duda_param, _head);
+ if (val_len > entry_param->max_len) {
+ PLUGIN_TRACE("too long param (max=%i)", entry_param->max_len);
+ return -1;
+ }
dr->params[dr->n_params].data = sr->uri_processed.data + i;
dr->params[dr->n_params].len = val_len;
dr->n_params++;
last_field = MAP_WS_PARAM;
+ head_param = head_param->next;
break;
}
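Review bot: `head_param` is advanced with `head_param = head_param->next` but never compared with the list head, so if the request supplies more values than the method declares (or the method declares none), `mk_list_entry` is applied to `&dr->_method->params` itself and `max_len` is read from memory that is not a `struct duda_param`. The `allowed_params` check just above may already bound the count, but its condition is outside the hunk; an explicit `if (head_param == &dr->_method->params) return -1;` before the `mk_list_entry` call would make the length check self-contained. The cursor is also assigned only when `dr->n_params == 0`, so declaring it as `struct mk_list *head_param = NULL;` in the first hunk would make a broken assumption fail deterministically instead of reading an indeterminate pointer. In addition, `val_len` is `unsigned int` and `max_len` is `short int`, so a negative `max_len` converts to a large unsigned value and the limit silently never triggers. The body of duda_request_parse starts and ends outside the hunk.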
diff --git a/plugins/duda/webservice.c b/plugins/duda/webservice.c
old mode 100644
new mode 100755
index 963c67e..87f5283
--- a/plugins/duda/webservice.c
+++ b/plugins/duda/webservice.c
@@ -71,6 +71,7 @@ duda_param_t *duda_param_new(char *uid, short int max_len)
duda_param_t *param;
param = mk_api->mem_alloc(sizeof(duda_param_t));
+ param->name = uid;
param->max_len = max_len;
return param;
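Review bot: `param->name = uid;` stores the caller's pointer rather than a copy, so the string must outlive the parameter; a comment such as `/* uid is borrowed, not copied: caller must keep it valid for the lifetime of the param */` would record that, or the name could be duplicated here. The line also adds a second dereference of `param` with no check that `mk_api->mem_alloc` returned non-NULL; unless that allocator aborts on failure (not visible here), `if (!param) return NULL;` belongs right after the allocation. Separately, the patch changes both files from mode 100644 to 100755, which looks unintended for C sources. The closing of duda_param_new is outside the hunk.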