vlc/vlc-2.2 | branch: master | Rémi Denis-Courmont <[email protected]> | Mon Aug 25 20:55:42 2014 +0300| [1952b89f2ec75b05b0cc6a477e3e780033de799c] | committer: Rémi Denis-Courmont
httpd: reject incoming requests bodies over 64k (cherry picked from commit 44b7c126c6d2a2002758c12db2f0bb89dc328a3c) > http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=1952b89f2ec75b05b0cc6a477e3e780033de799c --- src/network/httpd.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/network/httpd.c b/src/network/httpd.c index b8fb979..d3e138d 100644 --- a/src/network/httpd.c +++ b/src/network/httpd.c @@ -1373,6 +1373,7 @@ static void httpd_ClientRecv(httpd_client_t *cl) } } else if (cl->query.i_body > 0) { /* we are reading the body of a request or a channel */ + assert (cl->query.p_body != NULL); i_len = httpd_NetRecv(cl, &cl->query.p_body[cl->i_buffer], cl->query.i_body - cl->i_buffer); if (i_len > 0) @@ -1565,7 +1566,10 @@ static void httpd_ClientRecv(httpd_client_t *cl) /* TODO Mhh, handle the case where the client only * sends a request and closes the connection to * mark the end of the body (probably only RTSP) */ - cl->query.p_body = malloc(cl->query.i_body); + if (cl->query.i_body >= 65536) + cl->query.p_body = malloc(cl->query.i_body); + else + cl->query.p_body = NULL; cl->i_buffer = 0; if (!cl->query.p_body) { switch (cl->query.i_proto) { _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
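Review bot: The added `assert (cl->query.p_body != NULL);` in the body-reading branch is not a runtime check. It is compiled out under NDEBUG, and where it is active a NULL buffer aborts the whole process instead of dropping the one client. Whether that state is reachable depends on the `if (!cl->query.p_body)` path in the second hunk, which is cut off here: if that path leaves `cl->query.i_body` positive and the client alive, this branch runs with `p_body == NULL`. An explicit NULL test that fails the client before `httpd_NetRecv` would hold in every build; at minimum, a comment on the assert should name where the invariant is established. The body of httpd_ClientRecv starts and ends outside the hunk.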
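Review bot: The size test in the second hunk is inverted relative to the commit title. `if (cl->query.i_body >= 65536)` allocates exactly the oversized bodies and sets `p_body` to NULL for everything below 64 KiB. As written, ordinary requests with a small body fall into the `if (!cl->query.p_body)` failure branch, while a client-chosen large length still reaches `malloc`, so the memory-exhaustion exposure is unchanged. The condition should read `if (cl->query.i_body < 65536)`. The type and sign of `i_body` are not visible here; if it can be zero or negative at this point, the guard should exclude that too, e.g. `if (cl->query.i_body > 0 && cl->query.i_body < 65536)`.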
