limiting the query string length
Akinori MUSHA
knu at iDaemons.org
Wed Jun 23 18:10:27 GMT 2004
Hi,
What about limiting the query string length to prevent potential
exploit attacks against cvs?
Index: cvsweb.cgi
===================================================================
RCS file: /mirror/freebsd/ncvs/root/projects/projects/cvsweb/cvsweb.cgi,v
retrieving revision 1.259
diff -u -r1.259 cvsweb.cgi
--- cvsweb.cgi 8 May 2004 14:13:40 -0000 1.259
+++ cvsweb.cgi 23 Jun 2004 17:28:15 -0000
@@ -384,7 +384,9 @@
my %query = ();
if (defined($ENV{QUERY_STRING})) {
- for my $p (split(/[;&]+/, $ENV{QUERY_STRING})) {
+ my $qs = $ENV{QUERY_STRING};
+ length($qs) >= 1024 and fatal('500 Internal Error', 'Malformed request.');
+ for my $p (split(/[;&]+/, $qs)) {
next unless $p;
$p =~ y/+/ /;
my ($key, $val) = split(/=/, $p, 2);
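Review bot: The added length check on `$qs` reports an oversized query string as `'500 Internal Error'`, but an over-long request is a client-side error, so a 4xx status such as `414 Request-URI Too Long` or `400 Bad Request` would keep these rejections from showing up as server faults in logs and monitoring. The bound `1024` is also a bare literal, and `>=` rejects a query string of exactly 1024 bytes; consider a named, documented setting with the comparison made explicit, for example `length($qs) > $max_query_length and fatal('414 Request-URI Too Long', 'Malformed request.');`, where `$max_query_length` is a hypothetical variable name not present in the patch.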
Regards,
--
/
/__ __ Akinori.org / MUSHA.org
/ ) ) ) ) / FreeBSD.org / Ruby-lang.org
Akinori MUSHA aka / (_ / ( (__( @ iDaemons.org / and.or.jp
"It seems to me as we make our own few circles 'round the sun
We get it backwards and our seven years go by like one"