2023-05-17 Fred Gleason <fredg@paravelsystems.com>

* Fixed a vulnerability in 'RDFormPost' that could allow maximum
	post length restrictions to be bypassed by use of a maliciously
	crafted HTTP transaction.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
Fred Gleason
2023-05-17 14:38:52 -04:00
parent 5eb1c39231
commit 41224a393a
3 changed files with 62 additions and 16 deletions


@@ -2,7 +2,7 @@
//
// Handle POST data from an HTML form.
//
// (C) Copyright 2009-2020 Fred Gleason <fredg@paravelsystems.com>
// (C) Copyright 2009-2023 Fred Gleason <fredg@paravelsystems.com>
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License version 2 as
@@ -67,8 +67,8 @@ class RDFormPost
private:
void LoadUrlEncoding(char first);
void LoadMultipartEncoding(char first);
bool GetMimePart(QString *name,QString *value,bool *is_file);
QByteArray GetLine() const;
bool GetMimePart(QString *name,QString *value,bool *is_file,bool *ok);
QByteArray GetLine(bool *ok);
QHostAddress post_client_address;
RDFormPost::Encoding post_encoding;
RDFormPost::Error post_error;
@@ -79,6 +79,7 @@ class RDFormPost
int64_t post_content_length;
QString post_content_type;
char *post_data;
int64_t post_bytes_downloaded;
QString post_separator;
FILE *post_stream;
};
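Review bot: The new `bool *ok` out-parameters on `GetMimePart()` and `GetLine()` and the new `post_bytes_downloaded` counter are undocumented in this header, although they appear to carry the post-length enforcement this commit is about. A comment above the two declarations, for example `// *ok is set to false when the read fails or the maximum post length is exceeded; the returned data must then be discarded`, would state the contract for callers; the exact wording needs confirming against the implementation, which is outside this section. `post_bytes_downloaded` is declared without an initializer, so a limit check is only sound if the constructor zeroes it before the first read; `int64_t post_bytes_downloaded = 0;` would make that guarantee visible at the declaration, if the project's language level permits in-class initializers. The class body begins outside these hunks, so any existing maximum-size member it is compared against is not visible here.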