authorchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2008-07-08 19:36:23 +0000
committerchristopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>2008-07-08 19:36:23 +0000
commitb9d31615182994d1ad9d883c6c364979ac0aa040 (patch)
treef5c4d2c7a3680fc17bc4e6bb3dcee33ed41e54ba /admin.pl
parent8176af5e128b19af81d509450027e59471a54559 (diff)
CONTENT_LENGTH is a user-supplied variable. Without any size check, one could easily DoS the machine with very large POSTs.
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/trunk@2196 4979c152-3d1c-0410-bac9-87ea11338e46
Diffstat (limited to 'admin.pl')
-rwxr-xr-xadmin.pl7
1 files changed, 6 insertions, 1 deletions
diff --git a/admin.pl b/admin.pl
index c4ae2d48..3e63e4e9 100755
--- a/admin.pl
+++ b/admin.pl
@@ -53,7 +53,12 @@ require "common.pl";
$| = 1;
-if ( $ENV{CONTENT_LENGTH} ) {
+if ($ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size; ) {
+ print "Status: 413\n Request entity too large\n\n";
+ die "Error: Request entity too large\n";
+}
+
+if ( $ENV{CONTENT_LENGTH} > 0 ) {
read( STDIN, $_, $ENV{CONTENT_LENGTH} );
}
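Review bot: The condition on the first added line has a stray `;` before the closing parenthesis, which is a Perl syntax error, so admin.pl would fail to compile instead of enforcing the limit; it should read `if ( $ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size ) {`. The 413 response is also malformed as CGI output, because the reason phrase sits on its own line starting with a space and no Content-Type header is sent; `print "Status: 413 Request Entity Too Large\nContent-Type: text/plain\n\n";` would be a well-formed replacement. The hunk does not show where `$LedgerSMB::Sysconfig::max_post_size` is set, and if it is undefined at this point the comparison is against 0 and every non-empty POST is rejected, so the dependency deserves a comment such as `# requires LedgerSMB::Sysconfig to be loaded; max_post_size is in bytes`. CONTENT_LENGTH is compared numerically without first being checked to be all digits, which works through Perl's numification but would be clearer with an explicit `=~ /^\d+$/` guard.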