projects
/
profile
/
ivi
/
libwebsockets.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
fa01b04
)
security disallow repeated GET
87/3087/1
author
Andy Green
<andy.green@linaro.org>
Tue, 12 Feb 2013 05:10:19 +0000
(13:10 +0800)
committer
Kevron Rees
<kevron_m_rees@linux.intel.com>
Thu, 7 Mar 2013 21:01:35 +0000
(13:01 -0800)
Signed-off-by: Andy Green <andy.green@linaro.org>
lib/parsers.c
patch
|
blob
|
history
diff --git
a/lib/parsers.c
b/lib/parsers.c
index
953e5d8
..
23c3b94
100644
(file)
--- a/
lib/parsers.c
+++ b/
lib/parsers.c
@@
-512,6
+512,12
@@
int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
lwsl_parser("known hdr '%s'\n", wsi->u.hdr.name_buffer);
+ if (n == WSI_TOKEN_GET_URI &&
+ wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) {
+ lwsl_warn("Duplicated GET\n");
+ return -1;
+ }
+
/*
* WSORIGIN is protocol equiv to ORIGIN,
* JWebSocket likes to send it, map to ORIGIN