Date: Thu, 24 Jun 2004 03:10:19 +0900 From: "Akinori MUSHA" <knu@iDaemons.org> To: freebsd-cvsweb@freebsd.org Subject: limiting the query string length Message-ID: <86eko6gn78.knu@iDaemons.org>
next in thread | raw e-mail | index | archive | help
Hi,
What about limiting the query string length to prevent potential
exploit attacks against cvs?
Index: cvsweb.cgi
===================================================================
RCS file: /mirror/freebsd/ncvs/root/projects/projects/cvsweb/cvsweb.cgi,v
retrieving revision 1.259
diff -u -r1.259 cvsweb.cgi
--- cvsweb.cgi 8 May 2004 14:13:40 -0000 1.259
+++ cvsweb.cgi 23 Jun 2004 17:28:15 -0000
@@ -384,7 +384,9 @@
my %query = ();
if (defined($ENV{QUERY_STRING})) {
- for my $p (split(/[;&]+/, $ENV{QUERY_STRING})) {
+ my $qs = $ENV{QUERY_STRING};
+ length($qs) >= 1024 and fatal('500 Internal Error', 'Malformed request.');
+ for my $p (split(/[;&]+/, $qs)) {
next unless $p;
$p =~ y/+/ /;
my ($key, $val) = split(/=/, $p, 2);
Regards,
--
/
/__ __ Akinori.org / MUSHA.org
/ ) ) ) ) / FreeBSD.org / Ruby-lang.org
Akinori MUSHA aka / (_ / ( (__( @ iDaemons.org / and.or.jp
"It seems to me as we make our own few circles 'round the sun
We get it backwards and our seven years go by like one"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86eko6gn78.knu>