summaryrefslogtreecommitdiff
path: root/rfc1867_new.c
diff options
context:
space:
mode:
Diffstat (limited to 'rfc1867_new.c')
-rw-r--r--rfc1867_new.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/rfc1867_new.c b/rfc1867_new.c
index 2a8b3ab..dfdc1d9 100644
--- a/rfc1867_new.c
+++ b/rfc1867_new.c
@@ -387,6 +387,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
387 char *line; 387 char *line;
388 mime_header_entry prev_entry = {0}, entry; 388 mime_header_entry prev_entry = {0}, entry;
389 int prev_len, cur_len; 389 int prev_len, cur_len;
390 int newlines = 0;
390 391
391 /* didn't find boundary, abort */ 392 /* didn't find boundary, abort */
392 if (!find_boundary(self, self->boundary TSRMLS_CC)) { 393 if (!find_boundary(self, self->boundary TSRMLS_CC)) {
@@ -416,6 +417,7 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
416 417
417 entry.value = estrdup(value); 418 entry.value = estrdup(value);
418 entry.key = estrdup(key); 419 entry.key = estrdup(key);
420 newlines = 0;
419 421
420 } else if (zend_llist_count(header)) { /* If no ':' on the line, add to previous line */ 422 } else if (zend_llist_count(header)) { /* If no ':' on the line, add to previous line */
421 423
@@ -428,6 +430,12 @@ static int multipart_buffer_headers(multipart_buffer *self, zend_llist *header T
428 entry.value[cur_len + prev_len] = '\0'; 430 entry.value[cur_len + prev_len] = '\0';
429 431
430 entry.key = estrdup(prev_entry.key); 432 entry.key = estrdup(prev_entry.key);
433 newlines++;
434 if (newlines > SUHOSIN_G(upload_max_newlines)) {
435 SUHOSIN_G(abort_request) = 1;
436 suhosin_log(S_FILES, "configured maximum number of newlines in RFC1867 MIME headers limit exceeded - dropping rest of upload");
437 return 0;
438 }
431 439
432 zend_llist_remove_tail(header); 440 zend_llist_remove_tail(header);
433 } else { 441 } else {