5553223297
libhttp/url.c in shellinabox through 2.20 has an implementation flaw in the HTTP request parsing logic. By sending a crafted multipart/form-data HTTP request, an attacker could exploit this to force shellinaboxd into an infinite loop, exhausting available CPU resources and taking the service down. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
27 lines
848 B
Diff
27 lines
848 B
Diff
From 7f47efe1717c381f86566fabe0b1ced8cb98fe8f Mon Sep 17 00:00:00 2001
|
|
From: irsl <irsl@users.noreply.github.com>
|
|
Date: Fri, 26 Oct 2018 11:51:15 +0200
|
|
Subject: [PATCH] fix for broken multipart/form-data
|
|
|
|
Malformed multipart/form-data payload results in infinite loop and thus denial of service
|
|
[Upstream status: https://github.com/shellinabox/shellinabox/pull/446]
|
|
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
|
---
|
|
libhttp/url.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/libhttp/url.c b/libhttp/url.c
|
|
index ed29475..4177871 100644
|
|
--- a/libhttp/url.c
|
|
+++ b/libhttp/url.c
|
|
@@ -312,6 +312,9 @@ static void urlParsePostBody(struct URL *url,
|
|
}
|
|
}
|
|
}
|
|
+ } else {
|
|
+ warn("[http] broken multipart/form-data!");
|
|
+ break;
|
|
}
|
|
}
|
|
if (lastPart) {
|