From f9d2f614db67042918fd6eee9c1d61b764fb0e43 Mon Sep 17 00:00:00 2001
From: psychon
Date: Wed, 8 Sep 2010 17:41:10 +0000
Subject: [PATCH] CIncomingConnection: Reject long input lines
This should make DoS attacks that try to make znc eat lots of memory a lot harder to do (= Don't bother trying).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2124 726aef4b-f618-498e-8847-2d620e286838
---
 Listener.cpp | 13 +++++++++++++
 Listener.h | 1 +
 2 files changed, 14 insertions(+)
diff --git a/Listener.cpp b/Listener.cpp
index 52d66184..95ac4a62 100644
--- a/Listener.cpp
+++ b/Listener.cpp
@@ -76,6 +76,19 @@ CIncomingConnection::CIncomingConnection(const CString& sHostname, unsigned shor
 EnableReadLine();
 }
+void CIncomingConnection::ReachedMaxBuffer() {
+ if (GetCloseType() != CLT_DONT)
+ return; // Already closing
+
+ // We don't actually SetMaxBufferThreshold() because that would be
+ // inherited by sockets after SwapSockByAddr().
+ if (GetInternalReadBuffer().length() <= 4096)
+ return;
+
+ // We should never get here with legitimate requests :/
+ Close();
+}
+
 void CIncomingConnection::ReadLine(const CString& sLine) {
 bool bIsHTTP = (sLine.WildCmp("GET * HTTP/1.?\r\n") || sLine.WildCmp("POST * HTTP/1.?\r\n"));
 bool bAcceptHTTP = (m_eAcceptType == CListener::ACCEPT_ALL)
diff --git a/Listener.h b/Listener.h
index 709c4585..28550411 100644
--- a/Listener.h
+++ b/Listener.h
@@ -78,6 +78,7 @@ public:
 CIncomingConnection(const CString& sHostname, unsigned short uPort, CListener::EAcceptType eAcceptType);
 virtual ~CIncomingConnection() {}
 virtual void ReadLine(const CString& sData);
+ virtual void ReachedMaxBuffer();
 private:
 CListener::EAcceptType m_eAcceptType;
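Review bot: The 4096-byte cap in `ReachedMaxBuffer()` is a bare literal, and the connection is dropped with no trace, so someone investigating a memory-exhaustion attempt has nothing to correlate against. Give the limit a name next to the class, for example `static const size_t uMaxIncomingLineLength = 4096;`, and write a debug or log line with the peer address just before `Close()`. The guard also only runs when the socket base class decides to call `ReachedMaxBuffer()`, which presumably depends on its default buffer threshold staying non-zero and below 4096. Extending the existing comment to say so, e.g. `// Relies on the base class's default max-buffer threshold to trigger this callback.`, would keep a later threshold change from silently disabling the limit.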
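Review bot: The new `virtual void ReachedMaxBuffer();` declaration in Listener.h has no comment, so nothing in the header tells a reader that this override is where oversized input on a fresh connection gets rejected. A one-line comment above it would do, such as `// Closes the connection once the buffered, not-yet-complete input exceeds the size limit.` The class body begins and ends outside this hunk, so whether sibling declarations are documented cannot be checked from here.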