diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2019-04-16 12:59:20 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2019-04-16 12:59:20 +0200 |
| commit | 44f5b6a1cb66ee0a6d253de306b167baf33d02c9 (patch) | |
| tree | efe7cb594d0fff9ca846c9c890683870eae95857 | |
| parent | c69f648457a552518f92c5a70689bd106f03ec13 (diff) | |
| download | busybox-w32-44f5b6a1cb66ee0a6d253de306b167baf33d02c9.tar.gz busybox-w32-44f5b6a1cb66ee0a6d253de306b167baf33d02c9.tar.bz2 busybox-w32-44f5b6a1cb66ee0a6d253de306b167baf33d02c9.zip | |
httpd: check denied IPs even before reading 1st query line
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | networking/httpd.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/networking/httpd.c b/networking/httpd.c index 205c434bf..d29335c3c 100644 --- a/networking/httpd.c +++ b/networking/httpd.c | |||
| @@ -2113,6 +2113,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) | |||
| 2113 | if (verbose > 2) | 2113 | if (verbose > 2) |
| 2114 | bb_error_msg("connected"); | 2114 | bb_error_msg("connected"); |
| 2115 | } | 2115 | } |
| 2116 | if_ip_denied_send_HTTP_FORBIDDEN_and_exit(); | ||
| 2116 | 2117 | ||
| 2117 | /* Install timeout handler. get_line() needs it. */ | 2118 | /* Install timeout handler. get_line() needs it. */ |
| 2118 | signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit); | 2119 | signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit); |
| @@ -2147,7 +2148,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) | |||
| 2147 | send_headers_and_exit(HTTP_BAD_REQUEST); | 2148 | send_headers_and_exit(HTTP_BAD_REQUEST); |
| 2148 | 2149 | ||
| 2149 | /* Find end of URL and parse HTTP version, if any */ | 2150 | /* Find end of URL and parse HTTP version, if any */ |
| 2150 | //TODO: mayybe just reject all queries which have no " HTTP/xyz" suffix? | 2151 | //TODO: maybe just reject all queries which have no " HTTP/xyz" suffix? |
| 2151 | //Then 'http_major_version' can be deleted | 2152 | //Then 'http_major_version' can be deleted |
| 2152 | http_major_version = ('0' - 1); /* "less than 0th" version */ | 2153 | http_major_version = ('0' - 1); /* "less than 0th" version */ |
| 2153 | HTTP_slash = strchrnul(urlp, ' '); | 2154 | HTTP_slash = strchrnul(urlp, ' '); |
| @@ -2261,7 +2262,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) | |||
| 2261 | bb_error_msg("url:%s", urlcopy); | 2262 | bb_error_msg("url:%s", urlcopy); |
| 2262 | 2263 | ||
| 2263 | tptr = urlcopy; | 2264 | tptr = urlcopy; |
| 2264 | if_ip_denied_send_HTTP_FORBIDDEN_and_exit(); | ||
| 2265 | while ((tptr = strchr(tptr + 1, '/')) != NULL) { | 2265 | while ((tptr = strchr(tptr + 1, '/')) != NULL) { |
| 2266 | /* have path1/path2 */ | 2266 | /* have path1/path2 */ |
| 2267 | *tptr = '\0'; | 2267 | *tptr = '\0'; |