emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

httpd: check denied IPs even before reading 1st query line

Browse Source 
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2019-04-16 12:59:20 +02:00
parent c69f648457
commit 44f5b6a1cb
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
networking/httpd.c
View File

@ -2113,6 +2113,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
if (verbose > 2) if (verbose > 2)
bb_error_msg("connected"); bb_error_msg("connected");
} }
if_ip_denied_send_HTTP_FORBIDDEN_and_exit();
/* Install timeout handler. get_line() needs it. */ /* Install timeout handler. get_line() needs it. */
signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit); signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit);
@ -2147,7 +2148,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
send_headers_and_exit(HTTP_BAD_REQUEST); send_headers_and_exit(HTTP_BAD_REQUEST);
/* Find end of URL and parse HTTP version, if any */ /* Find end of URL and parse HTTP version, if any */
//TODO: mayybe just reject all queries which have no " HTTP/xyz" suffix? //TODO: maybe just reject all queries which have no " HTTP/xyz" suffix?
//Then 'http_major_version' can be deleted //Then 'http_major_version' can be deleted
http_major_version = ('0' - 1); /* "less than 0th" version */ http_major_version = ('0' - 1); /* "less than 0th" version */
HTTP_slash = strchrnul(urlp, ' '); HTTP_slash = strchrnul(urlp, ' ');
@ -2261,7 +2262,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
bb_error_msg("url:%s", urlcopy); bb_error_msg("url:%s", urlcopy);
tptr = urlcopy; tptr = urlcopy;
if_ip_denied_send_HTTP_FORBIDDEN_and_exit();
while ((tptr = strchr(tptr + 1, '/')) != NULL) { while ((tptr = strchr(tptr + 1, '/')) != NULL) {
/* have path1/path2 */ /* have path1/path2 */
*tptr = '\0'; *tptr = '\0';