net/tinyproxy/patches/CVE-2012-3505-tinyproxy-limit-headers.patch

   1 --- a/src/reqs.c
   2 +++ b/src/reqs.c
   3 @@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hash
   4          return hashmap_insert (hashofheaders, header, sep, len);
   5  }
   6
   7 +/* define max number of headers. big enough to handle legitimate cases,
   8 + * but limited to avoid DoS
   9 + */
  10 +#define MAX_HEADERS 10000
  11 +
  12  /*
  13   * Read all the headers from the stream
  14   */
  15 @@ -617,6 +622,7 @@ static int get_all_headers (int fd, hash
  16  {
  17          char *line = NULL;
  18          char *header = NULL;
  19 +       int count;
  20          char *tmp;
  21          ssize_t linelen;
  22          ssize_t len = 0;
  23 @@ -625,7 +631,7 @@ static int get_all_headers (int fd, hash
  24          assert (fd >= 0);
  25          assert (hashofheaders != NULL);
  26
  27 -        for (;;) {
  28 +        for (count = 0; count < MAX_HEADERS; count++) {
  29                  if ((linelen = readline (fd, &line)) <= 0) {
  30                          safefree (header);
  31                          safefree (line);
  32 @@ -691,6 +697,12 @@ static int get_all_headers (int fd, hash
  33
  34                  safefree (line);
  35          }
  36 +
  37 +       /* if we get there, this is we reached MAX_HEADERS count.
  38 +          bail out with error */
  39 +       safefree (header);
  40 +       safefree (line);
  41 +       return -1;
  42  }
  43
  44  /*