Summary
Two related hardening issues in HTTP request parsing:
1. No Content-Length validation for POST (httppars.c:144-156)
POST data is read without checking the Content-Length header. A large payload fills the buffer but excess data remains on the socket, corrupting subsequent keep-alive requests.
Fix: Parse Content-Length, reject payloads exceeding CBUFSIZE with HTTP 413 Payload Too Large.
2. No limit on query/POST parameter count (httppars.c:52-66)
Each query parameter is stored via array_add() to the environment. An attacker can send thousands of parameters, exhausting memory.
Fix: Define a maximum parameter count (e.g., 256) and reject requests exceeding it.
Severity
MEDIUM — resource exhaustion and protocol confusion attacks.
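One way the two proposed fixes could look, as an added example that is not the project's own code. `check_content_length()` and `count_params()` are hypothetical helper names, and the `CBUFSIZE` value shown is an assumed placeholder for the project's real definition.

```c
#include <ctype.h>
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

#define CBUFSIZE   8192   /* assumed value; use the project's own definition */
#define MAX_PARAMS 256    /* cap suggested in the issue */

/* Validate a Content-Length header value before any body bytes are read.
 * Returns 0 and stores the length in *out when acceptable, 400 when the
 * value is missing or malformed, 413 when it exceeds CBUFSIZE. */
int check_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long n;

    if (value == NULL)
        return 400;
    while (*value == ' ' || *value == '\t')
        value++;
    if (!isdigit((unsigned char)*value))
        return 400;                     /* rejects "", "-1", "+5" */
    errno = 0;
    n = strtoul(value, &end, 10);
    while (*end == ' ' || *end == '\t')
        end++;
    if (*end != '\0')
        return 400;                     /* trailing junk such as "12abc" */
    if (errno == ERANGE || n > CBUFSIZE)
        return 413;                     /* Payload Too Large */
    *out = (size_t)n;
    return 0;
}

/* Count '&'-separated parameters in a query string or urlencoded body,
 * stopping as soon as the cap is passed. Returns the count, or -1 when
 * there are more than MAX_PARAMS. Empty segments ("a=1&&b=2") are counted
 * too, which errs on the strict side. Call this before storing anything. */
int count_params(const char *s)
{
    int n;

    if (s == NULL || *s == '\0')
        return 0;
    for (n = 1; *s != '\0'; s++)
        if (*s == '&' && ++n > MAX_PARAMS)
            return -1;
    return n;
}
```

When either check fails, the unread body is still on the socket, so the connection should be closed after the error response rather than reused for keep-alive.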