From: Andy Green
Date: Tue, 12 Feb 2013 05:10:19 +0000 (+0800)
Subject: security disallow repeated GET
X-Git-Tag: accepted/2.0/20130307.220733~74
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=628d6ab181f7ceb4cd0c3294efac1b217e62e14c;p=profile%2Fivi%2Flibwebsockets.git
security disallow repeated GET
Signed-off-by: Andy Green
---
diff --git a/lib/parsers.c b/lib/parsers.c
index 953e5d8..23c3b94 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -512,6 +512,12 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
 lwsl_parser("known hdr '%s'\n", wsi->u.hdr.name_buffer);
+ if (n == WSI_TOKEN_GET_URI &&
+ wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) {
+ lwsl_warn("Duplicated GET\n");
+ return -1;
+ }
+
 /* * WSORIGIN is protocol equiv to ORIGIN, * JWebSocket likes to send it, map to ORIGIN
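Review bot: The added guard in libwebsocket_parse() treats a non-zero `wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]` as "GET already seen", which is sound only if fragment slot 0 is never assigned to a real header and the table is cleared before the header storage is reused for another request; neither is visible in this hunk, so both should be confirmed. The check carries no comment explaining why a repeated GET ends the parse, and I would add `/* non-zero frag_index: GET already seen in this request, refuse a second one */` above the `if`. Only GET is covered; whether other tokens that should appear once (including WSORIGIN, which the following lines map to ORIGIN) need the same rejection cannot be judged from these lines. The function body starts and ends outside the hunk.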