user/dev discussion of public-inbox itself
 help / color / mirror / code / Atom feed
Search results ordered by [date|relevance]  view[summary|nested|Atom feed]
thread overview below | download mbox.gz: |
* [PATCH 1/3] http: reject excessive headers
  2016-03-06  2:09  7% [PATCH 0/3] http: some DoS prevention Eric Wong
@ 2016-03-06  2:09  6% ` Eric Wong
  0 siblings, 0 replies; 2+ results
From: Eric Wong @ 2016-03-06  2:09 UTC (permalink / raw)
  To: meta; +Cc: Eric Wong

HTTP::Parser::XS::PP does not reject excessively large
headers like the XS version.  Ensure we reject headers
over 16K since public-inbox should never need such large
request headers.
---
 lib/PublicInbox/HTTP.pm |  6 +++++-
 t/httpd-corner.t        | 12 ++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/lib/PublicInbox/HTTP.pm b/lib/PublicInbox/HTTP.pm
index 6c4c20d..8988e7d 100644
--- a/lib/PublicInbox/HTTP.pm
+++ b/lib/PublicInbox/HTTP.pm
@@ -70,7 +70,11 @@ sub rbuf_process {
 
 	# We do not support Trailers in chunked requests, for now
 	# (they are rarely-used and git (as of 2.7.2) does not use them)
-	return quit($self, 400) if $r == -1 || $env{HTTP_TRAILER};
+	if ($r == -1 || $env{HTTP_TRAILER} ||
+			# this length-check is necessary for PURE_PERL=1:
+			($r == -2 && length($self->{rbuf}) > 0x4000)) {
+		return quit($self, 400);
+	}
 	return $self->watch_read(1) if $r < 0; # incomplete
 	$self->{rbuf} = substr($self->{rbuf}, $r);
 
diff --git a/t/httpd-corner.t b/t/httpd-corner.t
index 833eb42..8670846 100644
--- a/t/httpd-corner.t
+++ b/t/httpd-corner.t
@@ -84,6 +84,18 @@ my $spawn_httpd = sub {
 	is($body, "hello world\n", 'callback body matches expected');
 }
 
+{
+	my $conn = conn_for($sock, 'excessive header');
+	$SIG{PIPE} = 'IGNORE';
+	$conn->write("GET /callback HTTP/1.0\r\n");
+	foreach my $i (1..500000) {
+		last unless $conn->write("X-xxxxxJunk-$i: omg\r\n");
+	}
+	ok(!$conn->write("\r\n"), 'broken request');
+	ok($conn->read(my $buf, 8192), 'read response');
+	my ($head, $body) = split(/\r\n\r\n/, $buf);
+	like($head, qr/\b400\b/, 'got 400 response');
+}
 
 # Unix domain sockets
 {
-- 
EW


^ permalink raw reply related	[relevance 6%]

* [PATCH 0/3] http: some DoS prevention
@ 2016-03-06  2:09  7% Eric Wong
  2016-03-06  2:09  6% ` [PATCH 1/3] http: reject excessive headers Eric Wong
  0 siblings, 1 reply; 2+ results
From: Eric Wong @ 2016-03-06  2:09 UTC (permalink / raw)
  To: meta

Since public-inbox-httpd is may face untrusted clients directly
without a reverse proxy like haproxy/nginx; we should have some
basic protection to avoid DoS attacks involving excessive
resource use.

Eric Wong (3):
      http: reject excessive headers
      http: ensure errors are printable before PSGI env
      http: reject excessively large HTTP request bodies

 lib/PublicInbox/HTTP.pm | 23 ++++++++++++++++++++---
 t/httpd-corner.t        | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 3 deletions(-)

^ permalink raw reply	[relevance 7%]

Results 1-2 of 2 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2016-03-06  2:09  7% [PATCH 0/3] http: some DoS prevention Eric Wong
2016-03-06  2:09  6% ` [PATCH 1/3] http: reject excessive headers Eric Wong

Code repositories for project(s) associated with this public inbox

	https://80x24.org/public-inbox.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).