Skip to content

W
wendelin.core
Commit 6d4007b2 authored by Kirill Smelkov's avatar Kirill Smelkov
Browse files
Options

.

parent f8d30e17
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 3 deletions
wcfs/client/wcfs_watchlink.cpp
View file @ 6d4007b2
...@@ -420,6 +420,10 @@ tuple<string, error> _WatchLink::_readline() { ...@@ -420,6 +420,10 @@ tuple<string, error> _WatchLink::_readline() {
} }
nl_searchfrom = wlink._rxbuf.length(); nl_searchfrom = wlink._rxbuf.length();
// limit line length to avoid DoS
if (wlink._rxbuf.length() > 128)
return make_tuple("", fmt::errorf("line is too long"));
int n; int n;
error err; error err;
//trace("\t_readline -> read ...\n"); //trace("\t_readline -> read ...\n");
...@@ -427,9 +431,6 @@ tuple<string, error> _WatchLink::_readline() { ...@@ -427,9 +431,6 @@ tuple<string, error> _WatchLink::_readline() {
//trace("\t_readline -> read: n=%d err='%s'\n", n, v(err)); //trace("\t_readline -> read: n=%d err='%s'\n", n, v(err));
if (n > 0) { if (n > 0) {
wlink._rxbuf += string(buf, n); wlink._rxbuf += string(buf, n);
// limit line length to avoid DoS
if (wlink._rxbuf.length() > 128) // XXX limit arbitrary
return make_tuple("", fmt::errorf("line is too long"));
continue; continue;
} }
if (err == nil) if (err == nil)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7