From 5a544d0d7a549a68b85e8410ecdc390b30390dd9 Mon Sep 17 00:00:00 2001
From: christopherm <christopherm@4979c152-3d1c-0410-bac9-87ea11338e46>
Date: Thu, 14 Aug 2008 17:31:44 +0000
Subject: CONTENT_LENGTH is a user supplied variable. Without any checks for
 size, one could easily DoS the machine with very large POSTS. Commiting
 changes made to /trunk/ in /branches/1.2/

git-svn-id: https://ledger-smb.svn.sourceforge.net/svnroot/ledger-smb/branches/1.2@2265 4979c152-3d1c-0410-bac9-87ea11338e46
---
 admin.pl | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'admin.pl')

diff --git a/admin.pl b/admin.pl
index c4ae2d48..9cf121f8 100755
--- a/admin.pl
+++ b/admin.pl
@@ -53,7 +53,12 @@ require "common.pl";
 
 $| = 1;
 
-if ( $ENV{CONTENT_LENGTH} ) {
+if ( $ENV{CONTENT_LENGTH} > $LedgerSMB::Sysconfig::max_post_size ) {
+    print "Status: 413\n Request entity too large\n\n";
+    die "Error: Request entity too large\n";
+}
+
+if ( $ENV{CONTENT_LENGTH} > 0 ) {
     read( STDIN, $_, $ENV{CONTENT_LENGTH} );
 }
 
-- 
cgit v1.2.3