forks
/
arsd
mirror of https://github.com/adamdruppe/arsd.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sanity check on header size jic

This commit is contained in:
Adam D. Ruppe 2019-03-09 12:00:41 -05:00
parent b106b2cc5c
commit b426390abe
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cgi.d
View File

@ -384,6 +384,12 @@ int locationOf(T)(T[] data, string item) {
const(ubyte[]) d = cast(const(ubyte[])) data; const(ubyte[]) d = cast(const(ubyte[])) data;
const(ubyte[]) i = cast(const(ubyte[])) item; const(ubyte[]) i = cast(const(ubyte[])) item;
// this is a vague sanity check to ensure we aren't getting insanely
// sized input that will infinite loop below. it should never happen;
// even huge file uploads ought to come in smaller individual pieces.
if(d.length > (int.max/2))
throw new Exception("excessive block of input");
for(int a = 0; a < d.length; a++) { for(int a = 0; a < d.length; a++) {
if(a + i.length > d.length) if(a + i.length > d.length)
return -1; return -1;