Commit16c2fcc

committed

Ensure memory preallocation for streaming is bounded by SecRequestBodyLimit

1 parent940e2b6 commit16c2fccCopy full SHA for 16c2fcc

File tree

-1

lines changed

-1

lines changed

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -434,7 +434,8 @@ apr_status_t modsecurity_request_body_to_stream(modsec_rec msr, const char buf`
`434`	`434`	`if (msr->stream_input_data==NULL) {`
`435`	`435`	`// Is the request body length is known beforehand? (requests that are not Transfer-Encoding: chunked)`
`436`	`436`	`if (msr->request_content_length>0) {`
`437`		`-allocate_length=msr->request_content_length;`
	`437`	`+// Use min of Content-Length and SecRequestBodyLimit`
	`438`	`+allocate_length=min(msr->request_content_length,msr->txcfg->reqbody_limit);`
`438`	`439`	`}`
`439`	`440`	`else {`
`440`	`441`	`// We don't know how this request is going to be, so hope for just buflen to begin with (requests that are Transfer-Encoding: chunked)`
`@@ -472,6 +473,9 @@ apr_status_t modsecurity_request_body_to_stream(modsec_rec msr, const char buf`
`472`	`473`	`"Unable to reallocate memory to hold request body on stream. Asked for %"APR_SIZE_T_FMT" bytes.",`
`473`	`474`	`allocate_length);`
`474`	`475`	`free(msr->stream_input_data);`
	`476`	`+msr->stream_input_data=NULL;`
	`477`	`+msr->stream_input_length=0;`
	`478`	`+msr->stream_input_allocated_length=0;`
`475`	`479`	`return-1;`
`476`	`480`	`}`
`477`	`481`	`}`

Comments

(0)