security disallow repeated GET

author Andy Green <andy.green@linaro.org>

Tue, 12 Feb 2013 05:10:19 +0000 (13:10 +0800)

committer Kevron Rees <kevron_m_rees@linux.intel.com>

Thu, 7 Mar 2013 21:01:35 +0000 (13:01 -0800)
author Andy Green <andy.green@linaro.org>
Tue, 12 Feb 2013 05:10:19 +0000 (13:10 +0800)
committer Kevron Rees <kevron_m_rees@linux.intel.com>
Thu, 7 Mar 2013 21:01:35 +0000 (13:01 -0800)
diff --git a/lib/parsers.c b/lib/parsers.c

index 953e5d8..23c3b94 100644 (file)
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -512,6 +512,12 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
  
                         lwsl_parser("known hdr '%s'\n", wsi->u.hdr.name_buffer);
  
+                       if (n == WSI_TOKEN_GET_URI &&
+                               wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) {
+                               lwsl_warn("Duplicated GET\n");
+                               return -1;
+                       }
+
                         /*
                          * WSORIGIN is protocol equiv to ORIGIN,
                          * JWebSocket likes to send it, map to ORIGIN
author	Andy Green <andy.green@linaro.org>
	Tue, 12 Feb 2013 05:10:19 +0000 (13:10 +0800)
committer	Kevron Rees <kevron_m_rees@linux.intel.com>
	Thu, 7 Mar 2013 21:01:35 +0000 (13:01 -0800)