From 5a544d0d7a549a68b85e8410ecdc390b30390dd9 Mon Sep 17 00:00:00 2001
From: christopherm
Date: Thu, 14 Aug 2008 17:31:44 +0000
Subject: CONTENT_LENGTH is a user supplied variable. Without any checks for size, one could easily DoS the machine with very large POSTS.
Commiting changes made to /trunk/ in /branches/1.2/
git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2265 4979c152-3d1c-0410-bac9-87ea11338e46
---
 LedgerSMB/Form.pm | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'LedgerSMB')
diff --git a/LedgerSMB/Form.pm b/LedgerSMB/Form.pm
index 6cb65964..e37de58a 100755
--- a/LedgerSMB/Form.pm
+++ b/LedgerSMB/Form.pm
@@ -52,6 +52,11 @@ sub new {
 my $argstr = shift;
+ if ($ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size) {
+ print "Status: 413\n Request entity too large\n\n";
+ die "Error: Request entity too large\n";
+ }
+
 read( STDIN, $_, $ENV{CONTENT_LENGTH} );
 if ($argstr) {
-- 
cgit v1.2.3
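Review bot: The 413 response on the second added line is written as a malformed CGI header: the `\n Request entity too large` puts the reason phrase on a folded continuation line rather than on the status line, so the web server may not relay the status as intended; it should be `print "Status: 413 Request Entity Too Large\n\n";`. The guard also still trusts CONTENT_LENGTH to be numeric: a non-numeric value compares as 0 and passes the `>` test, and a negative value passes it too and then reaches `read`, which I believe dies on a negative length, so validate the header before comparing, e.g. `my $len = $ENV{CONTENT_LENGTH} || 0; die "Error: Bad CONTENT_LENGTH\n" unless $len =~ /\A\d+\z/;`. Note that if `$LedgerSMB::Sysconfig::max_post_size` is unset the comparison is against an undefined (0) limit and every non-empty POST is rejected — fail-closed, but presumably a configuration gap worth a documented default. `sub new` continues past the end of the hunk.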