github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-09-29 19:24:29 +03:00
Code Issues Packages Projects Releases Wiki Activity

Ensure memory preallocation for streaming is bounded by SecRequestBodyLimit

Browse Source
This commit is contained in:
Allan Boll
2017-08-22 15:31:33 -07:00
committed by Felipe Zimmerle
parent 97b51ebfed
commit 023b863853
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apache2/msc_reqbody.c
View File

@@ -434,7 +434,8 @@ apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, const char *buf
if (msr->stream_input_data == NULL) { if (msr->stream_input_data == NULL) {
// Is the request body length is known beforehand? (requests that are not Transfer-Encoding: chunked) // Is the request body length is known beforehand? (requests that are not Transfer-Encoding: chunked)
if (msr->request_content_length > 0) { if (msr->request_content_length > 0) {
allocate_length = msr->request_content_length; // Use min of Content-Length and SecRequestBodyLimit
allocate_length = min(msr->request_content_length, msr->txcfg->reqbody_limit);
} }
else { else {
// We don't know how this request is going to be, so hope for just buflen to begin with (requests that are Transfer-Encoding: chunked) // We don't know how this request is going to be, so hope for just buflen to begin with (requests that are Transfer-Encoding: chunked)
@@ -472,6 +473,9 @@ apr_status_t modsecurity_request_body_to_stream(modsec_rec *msr, const char *buf
"Unable to reallocate memory to hold request body on stream. Asked for %" APR_SIZE_T_FMT " bytes.", "Unable to reallocate memory to hold request body on stream. Asked for %" APR_SIZE_T_FMT " bytes.",
allocate_length); allocate_length);
free(msr->stream_input_data); free(msr->stream_input_data);
msr->stream_input_data = NULL;
msr->stream_input_length = 0;
msr->stream_input_allocated_length = 0;
return -1; return -1;
} }
} }