| field | value | date |
|---|---|---|
| author | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2008-08-14 17:31:44 +0000 |
| committer | christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46> | 2008-08-14 17:31:44 +0000 |
| commit | 5a544d0d7a549a68b85e8410ecdc390b30390dd9 (patch) | |
| tree | 957264f0186ad9b438ab258ba2a97bdf06c3963d /admin.pl | |
| parent | 247dc6b555ec97da45e0ece2f11a8c1fc9a7de5c (diff) | |
CONTENT_LENGTH is a user supplied variable. Without any checks for size, one could easily DoS the machine with very large POSTs. Committing changes made to /trunk/ in /branches/1.2/
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2265 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'admin.pl')

| mode | file | lines |
|---|---|---|
| -rwxr-xr-x | admin.pl | 7 |

1 files changed, 6 insertions, 1 deletions
@@ -53,7 +53,12 @@ require "common.pl"; $| = 1; -if ( $ENV{CONTENT_LENGTH} ) { +if ( $ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size ) { + print "Status: 413\n Request entity too large\n\n"; + die "Error: Request entity too large\n"; +} + +if ( $ENV{CONTENT_LENGTH} > 0 ) { read( STDIN, $_, $ENV{CONTENT_LENGTH} ); } |
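Review bot: the 413 response in the new block is malformed as a CGI header: `print "Status: 413\n Request entity too large\n\n";` emits `Status: 413` on one line and a space-indented continuation line after it, instead of the single `Status: 413 Request Entity Too Large` header, and no `Content-Type` header precedes the blank line that ends the headers; since the following `die "Error: Request entity too large\n";` writes to STDERR, the client receives a bare 413 with an empty body. Suggest `print "Status: 413 Request Entity Too Large\nContent-Type: text/plain\n\nRequest entity too large\n";` before the `die`. Also, the guard `if ( $ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size ) {` rejects every POST when `max_post_size` is undefined (undef compares as 0), and nothing in the hunk shows the setting being loaded or given a default, so a fallback value (or a `defined` check) would avoid silently breaking all form submissions if the config entry is missing.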