diff options
| author | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2008-08-14 17:31:44 +0000 |
|---|---|---|
| committer | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2008-08-14 17:31:44 +0000 |
| commit | 5a544d0d7a549a68b85e8410ecdc390b30390dd9 (patch) | |
| tree | 957264f0186ad9b438ab258ba2a97bdf06c3963d /LedgerSMB | |
| parent | 247dc6b555ec97da45e0ece2f11a8c1fc9a7de5c (diff) | |
CONTENT_LENGTH is a user supplied variable. Without any checks for size, one could easily DoS the machine with very large POSTS. Commiting changes made to /trunk/ in /branches/1.2/
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2265 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'LedgerSMB')
| -rwxr-xr-x | LedgerSMB/Form.pm | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm index 6cb65964..e37de58a 100755 --- a/LedgerSMB/Form.pm +++ b/LedgerSMB/Form.pm @@ -52,6 +52,11 @@ sub new { my $argstr = shift; + if ($ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size) { + print "Status: 413\n Request entity too large\n\n"; + die "Error: Request entity too large\n"; + } + read( STDIN, $_, $ENV{CONTENT_LENGTH} ); if ($argstr) { |