httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: YA Apache DoS attack
Date Fri, 07 Aug 1998 23:31:22 GMT
On Fri, 7 Aug 1998, Jim Jagielski wrote:

> Ben Laurie wrote:
> > 
> > 
> > And here's a band-aid for 1.3.1 - I'm sure we'll come up with something better
> > soon. This (untested) patch should prevent the worst effects. A similar patch
> > should work for 1.2.x.
> 
> Even better would be to check the previous header with the present
> one and only increment if the same, since that's the only time this
> is a problem I think (could be wrong though).

Yea, but that isn't the real fix anyway so it doesn't matter.  We want to
look at this and see what can be done, since the problem is bigger.  

How hard would it be to make a new pool for stuff like this and add the
ability to limit the size of a pool?  Would that be useful?  Could we pick
a limit that isn't braindead and isn't too big?  etc.

No urgent need to rush a final fix for this in the next few hours.

> 
> > 
> > Index: http_protocol.c
> > ===================================================================
> > RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
> > retrieving revision 1.229
> > diff -u -r1.229 http_protocol.c
> > --- http_protocol.c     1998/08/06 17:30:30     1.229
> > +++ http_protocol.c     1998/08/07 23:02:56
> > @@ -714,6 +714,7 @@
> >      int len;
> >      char *value;
> >      char field[MAX_STRING_LEN];
> > +    int nheaders=0;
> >  
> >      /*
> >       * Read header lines until we get the empty separator line, a read error,
> > @@ -723,6 +724,11 @@
> >          char *copy = ap_palloc(r->pool, len + 1);
> >          memcpy(copy, field, len + 1);
> >  
> > +        if(++nheaders == 100) {
> > +           r->status = HTTP_BAD_REQUEST;
> > +           return;
> > +       }
> > +           
> >          if (!(value = strchr(copy, ':'))) {     /* Find the colon separator */
> >              r->status = HTTP_BAD_REQUEST;       /* or abort the bad request
*/
> >              return;
> > 
> > Cheers,
> > 
> > Ben.
> > 
> > -- 
> > Ben Laurie            |Phone: +44 (181) 735 0686| Apache Group member
> > Freelance Consultant  |Fax:   +44 (181) 735 0689|http://www.apache.org/
> > and Technical Director|Email: ben@algroup.co.uk |
> > A.L. Digital Ltd,     |Apache-SSL author     http://www.apache-ssl.org/
> > London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache/
> > 
> > WE'RE RECRUITING! http://www.aldigital.co.uk/recruit/
> > 
> 
> 
> -- 
> ===========================================================================
>    Jim Jagielski   |||   jim@jaguNET.com   |||   http://www.jaguNET.com/
>             "That's no ordinary rabbit... that's the most foul,
>             cruel and bad-tempered rodent you ever laid eyes on"
> 


Mime
View raw message