httpd-dev mailing list archives

From Jim Jagielski <...@jaguNET.com>
Subject Re: YA Apache DoS attack
Date Fri, 07 Aug 1998 23:29:19 GMT
Ben Laurie wrote:
> 
> 
> And here's a band-aid for 1.3.1 - I'm sure we'll come up with something better
> soon. This (untested) patch should prevent the worst effects. A similar patch
> should work for 1.2.x.

Even better would be to check the previous header with the present
one and only increment if the same, since that's the only time this
is a problem I think (could be wrong though).

> 
> Index: http_protocol.c
> ===================================================================
> RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
> retrieving revision 1.229
> diff -u -r1.229 http_protocol.c
> --- http_protocol.c     1998/08/06 17:30:30     1.229
> +++ http_protocol.c     1998/08/07 23:02:56
> @@ -714,6 +714,7 @@
>      int len;
>      char *value;
>      char field[MAX_STRING_LEN];
> +    int nheaders=0;
>  
>      /*
>       * Read header lines until we get the empty separator line, a read error,
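Review bot: The new declaration `int nheaders=0;` should read `int nheaders = 0;` to match the spacing of the neighbouring declarations in this function. Since this counter exists only to be compared against a limit, give that limit a name here (a `#define`, or better a per-server config value) instead of a bare literal further down, so the cap can be tuned without editing the parser.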
> @@ -723,6 +724,11 @@
>          char *copy = ap_palloc(r->pool, len + 1);
>          memcpy(copy, field, len + 1);
>  
> +        if(++nheaders == 100) {
> +           r->status = HTTP_BAD_REQUEST;
> +           return;
> +       }
> +           
>          if (!(value = strchr(copy, ':'))) {     /* Find the colon separator */
>              r->status = HTTP_BAD_REQUEST;       /* or abort the bad request */
>              return;
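Review bot: The cap in `if(++nheaders == 100)` is a magic number and counts every header line regardless of name, so a legitimate client sending 100 distinct fields is refused along with an attacker repeating one field; make 100 a named constant (ideally runtime-configurable) and, as the reply above suggests, consider counting only a field name repeated from the previous line, which is the case the band-aid is really aimed at. Style: `if(` lacks the space after `if` used elsewhere in this file, the closing `}` is indented one column short of its `if`, and the trailing `+` line added by the hunk carries nothing but whitespace.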
> 
> Cheers,
> 
> Ben.
> 
> -- 
> Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
> Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
> and Technical Director|Email: ben@algroup.co.uk |
> A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
> London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
> 
> WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/
> 


-- 
===========================================================================
   Jim Jagielski   |||   jim@jaguNET.com   |||   http://www.jaguNET.com/
            "That's no ordinary rabbit... that's the most foul,
            cruel and bad-tempered rodent you ever laid eyes on"
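Added example, not code from this message or from Apache: a minimal header reader that merges repeated fields into one comma-separated value (loosely modelled on how the 1.3 table merge behaves) and applies both caps discussed in the thread, a total-field limit like Ben's band-aid and a consecutive-same-name limit like Jim's suggestion. The limits (100 and 10), the `read_headers`/`build_flood` names and the status codes returned are assumptions for illustration; the flood input is constructed inline.

```c
/* Added example (not Apache code). Merges repeated header fields the way a
 * "merge on duplicate name" table does and enforces two hypothetical caps. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_DISTINCT 64            /* distinct field names the table can hold */
#define HTTP_OK 200
#define HTTP_BAD_REQUEST 400
#define HTTP_INTERNAL_SERVER_ERROR 500

typedef struct { char *name; char *value; } header_t;
typedef struct { header_t h[MAX_DISTINCT]; int n; } header_table_t;

static char *dupn(const char *s, size_t n)
{
    char *d = malloc(n + 1);
    if (d == NULL) { perror("malloc"); exit(1); }
    memcpy(d, s, n);
    d[n] = '\0';
    return d;
}

/* Case-insensitive compare of n bytes (header names are case-insensitive). */
static int name_eq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Append ", value" to an existing field of the same name, else add a new one.
 * Every repeat reallocates and copies the whole accumulated value, so N copies
 * of one name cost O(N^2) bytes moved: the cost a header flood drives up. */
static int table_merge(header_table_t *t, const char *name, size_t nlen,
                       const char *val, size_t vlen)
{
    for (int i = 0; i < t->n; i++) {
        if (strlen(t->h[i].name) == nlen && name_eq(t->h[i].name, name, nlen)) {
            size_t old = strlen(t->h[i].value);
            char *nv = realloc(t->h[i].value, old + 2 + vlen + 1);
            if (nv == NULL) return -1;
            memcpy(nv + old, ", ", 2);
            memcpy(nv + old + 2, val, vlen);
            nv[old + 2 + vlen] = '\0';
            t->h[i].value = nv;
            return 0;
        }
    }
    if (t->n == MAX_DISTINCT) return -1;
    t->h[t->n].name = dupn(name, nlen);
    t->h[t->n].value = dupn(val, vlen);
    t->n++;
    return 0;
}

/* Parse "Name: value" lines up to the empty separator line.
 * max_fields caps the total number of fields (the band-aid in the patch);
 * max_run caps consecutive fields carrying the same name (the reply's idea). */
int read_headers(const char *req, int max_fields, int max_run, header_table_t *t)
{
    const char *p = req, *prev = NULL;
    size_t prev_len = 0;
    int nfields = 0, run = 0;

    t->n = 0;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        if (len > 0 && p[len - 1] == '\r') len--;
        if (len == 0) break;                            /* end of header block */

        const char *colon = memchr(p, ':', len);
        if (colon == NULL) return HTTP_BAD_REQUEST;     /* no "Name:" separator */
        size_t nlen = (size_t)(colon - p);

        if (++nfields > max_fields) return HTTP_BAD_REQUEST;
        run = (prev && nlen == prev_len && name_eq(prev, p, nlen)) ? run + 1 : 1;
        if (run > max_run) return HTTP_BAD_REQUEST;
        prev = p; prev_len = nlen;

        const char *v = colon + 1, *vend = p + len;
        while (v < vend && (*v == ' ' || *v == '\t')) v++; /* skip leading LWS */
        if (table_merge(t, p, nlen, v, (size_t)(vend - v)) != 0)
            return HTTP_INTERNAL_SERVER_ERROR;

        if (eol == NULL) break;
        p = eol + 1;
    }
    return HTTP_OK;
}

void free_headers(header_table_t *t)
{
    for (int i = 0; i < t->n; i++) { free(t->h[i].name); free(t->h[i].value); }
    t->n = 0;
}

/* Constructed attack input: `count` copies of "name: x" then the blank line. */
char *build_flood(const char *name, int count)
{
    size_t per = strlen(name) + 5;                      /* ": x\r\n" */
    char *buf = malloc(per * (size_t)count + 3), *q = buf;
    if (buf == NULL) { perror("malloc"); exit(1); }
    for (int i = 0; i < count; i++) q += sprintf(q, "%s: x\r\n", name);
    strcpy(q, "\r\n");
    return buf;
}

int main(void)
{
    header_table_t t;
    char *flood = build_flood("Foo", 500);
    printf("500 x Foo, caps 100/10 -> %d\n", read_headers(flood, 100, 10, &t));
    free_headers(&t);
    int st = read_headers("Host: a\r\nAccept: b\r\nAccept: c\r\n\r\n", 100, 10, &t);
    printf("normal request -> %d, Accept = \"%s\"\n", st, t.h[1].value);
    free_headers(&t);
    free(flood);
    return 0;
}
```

With `max_run` set to 10 and `max_fields` to 100, a flood of one repeated name is cut off after ten lines while a request with many distinct fields still gets the full budget of 100; the merge loop in `table_merge` is where the quadratic copying lives, which is why counting repeats of the same name is the tighter fix.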
