Overview
| Comment: | Limit the number of query parameters that the CGI processor will handle before giving up, to make DOS attacks harder. |
|---|---|
| SHA1: | 2827d449a994c928f9bf347ed9c2c4ce |
| User & Date: | drh 2012-01-12 00:44:19.742 |
Context
| Date | Time | Check-in |
|---|---|---|
| 2012-01-18 | 07:10 | Cleanup and unify the MinGW makefiles. ... (check-in: a88a241d72 user: mistachkin tags: trunk) |
| 2012-01-18 | 06:06 | Start of experimental support for post-push TH1 scripting. ... (check-in: a11b7f1535 user: mistachkin tags: pushScript) |
| 2012-01-15 | 18:06 | Merge latest changes from trunk ... (check-in: b3130baa06 user: ashish tags: ashish-ipv6) |
| 2012-01-12 | 00:44 | Merge trunk changes into the retro-sbsdiff branch. ... (check-in: f07f7753ee user: drh tags: retro-sbsdiff) |
| 2012-01-12 | 00:44 | Limit the number of query parameters that the CGI processor will handle before giving up, to make DOS attacks harder. ... (check-in: 2827d449a9 user: drh tags: trunk) |
| 2012-01-11 | 17:48 | Fix the file change detection logic so that it does not destroy merge history. Ticket [5a855f1bc6351f5]. ... (check-in: bcd718e924 user: drh tags: trunk) |
Changes
Changes to src/cgi.c.
| ︙ | ︙ | |||
408 409 410 411 412 413 414 415 416 417 418 419 420 421 |
**
** zName and zValue are not copied and must not change or be
** deallocated after this routine returns.
*/
void cgi_set_parameter_nocopy(const char *zName, const char *zValue){
if( nAllocQP<=nUsedQP ){
nAllocQP = nAllocQP*2 + 10;
aParamQP = fossil_realloc( aParamQP, nAllocQP*sizeof(aParamQP[0]) );
}
aParamQP[nUsedQP].zName = zName;
aParamQP[nUsedQP].zValue = zValue;
if( g.fHttpTrace ){
fprintf(stderr, "# cgi: %s = [%s]\n", zName, zValue);
}
| > > > > | 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 |
**
** zName and zValue are not copied and must not change or be
** deallocated after this routine returns.
*/
void cgi_set_parameter_nocopy(const char *zName, const char *zValue){
if( nAllocQP<=nUsedQP ){
nAllocQP = nAllocQP*2 + 10;
if( nAllocQP>1000 ){
/* Prevent a DOS service attack against the framework */
fossil_fatal("Too many query parameters");
}
aParamQP = fossil_realloc( aParamQP, nAllocQP*sizeof(aParamQP[0]) );
}
aParamQP[nUsedQP].zName = zName;
aParamQP[nUsedQP].zValue = zValue;
if( g.fHttpTrace ){
fprintf(stderr, "# cgi: %s = [%s]\n", zName, zValue);
}
|
| ︙ | ︙ |
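Review bot: In the new `if( nAllocQP>1000 )` test, the limit is applied to the doubled allocation size rather than to nUsedQP, so the point at which a request is rejected is set by the growth sequence `nAllocQP*2 + 10`, not by 1000. If nAllocQP starts at zero (its initial value is not shown in this hunk), the sizes run 10, 30, 70, 150, 310, 630, 1270, and the call fails on the 631st parameter. Consider testing nUsedQP against a named constant before growing the array, so the cap is exact and stated in one place. The comment "DOS service attack" is also redundant; "denial-of-service attack" reads better, and the comment could say what the client receives when fossil_fatal fires.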