--- src/child.c.orig Sun Jan 10 23:52:04 2010 +++ src/child.c Mon Aug 20 11:47:33 2012 @@ -20,6 +20,9 @@ * processing incoming connections. */ +#include +#include + #include "main.h" #include "child.h" @@ -196,6 +199,7 @@ static void child_main (struct child_s *ptr) } ptr->connects = 0; + srand(time(NULL)); while (!config.quit) { ptr->status = T_WAITING; --- src/hashmap.c.orig Mon Jan 25 19:24:01 2010 +++ src/hashmap.c Mon Aug 20 11:47:33 2012 @@ -25,6 +25,8 @@ * don't try to free the data, or realloc the memory. :) */ +#include + #include "main.h" #include "hashmap.h" @@ -50,6 +52,7 @@ struct hashbucket_s { }; struct hashmap_s { + uint32_t seed; unsigned int size; hashmap_iter end_iterator; @@ -65,7 +68,7 @@ struct hashmap_s { * * If any of the arguments are invalid a negative number is returned. */ -static int hashfunc (const char *key, unsigned int size) +static int hashfunc (const char *key, unsigned int size, uint32_t seed) { uint32_t hash; @@ -74,7 +77,7 @@ static int hashfunc (const char *key, unsigned int siz if (size == 0) return -ERANGE; - for (hash = tolower (*key++); *key != '\0'; key++) { + for (hash = seed; *key != '\0'; key++) { uint32_t bit = (hash & 1) ? (1 << (sizeof (uint32_t) - 1)) : 0; hash >>= 1; @@ -104,6 +107,7 @@ hashmap_t hashmap_create (unsigned int nbuckets) if (!ptr) return NULL; + ptr->seed = (uint32_t)rand(); ptr->size = nbuckets; ptr->buckets = (struct hashbucket_s *) safecalloc (nbuckets, sizeof (struct @@ -201,7 +205,7 @@ hashmap_insert (hashmap_t map, const char *key, const if (!data || len < 1) return -ERANGE; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; @@ -382,7 +386,7 @@ ssize_t hashmap_search (hashmap_t map, const char *key if (map == NULL || key == NULL) return -EINVAL; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; @@ -416,7 +420,7 @@ ssize_t hashmap_entry_by_key (hashmap_t map, const cha if (!map || !key || !data) return -EINVAL; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; @@ -451,7 +455,7 @@ ssize_t hashmap_remove (hashmap_t map, const char *key if (map == NULL || key == NULL) return -EINVAL; - hash = hashfunc (key, map->size); + hash = hashfunc (key, map->size, map->seed); if (hash < 0) return hash; --- src/reqs.c.orig Mon Feb 7 13:31:03 2011 +++ src/reqs.c Mon Aug 20 11:46:43 2012 @@ -610,6 +610,11 @@ add_header_to_connection (hashmap_t hashofheaders, cha return hashmap_insert (hashofheaders, header, sep, len); } +/* define max number of headers. big enough to handle legitimate cases, + * but limited to avoid DoS + */ +#define MAX_HEADERS 10000 + /* * Read all the headers from the stream */ @@ -617,6 +622,7 @@ static int get_all_headers (int fd, hashmap_t hashofhe { char *line = NULL; char *header = NULL; + int count; char *tmp; ssize_t linelen; ssize_t len = 0; @@ -625,7 +631,7 @@ static int get_all_headers (int fd, hashmap_t hashofhe assert (fd >= 0); assert (hashofheaders != NULL); - for (;;) { + for (count = 0; count < MAX_HEADERS; count++) { if ((linelen = readline (fd, &line)) <= 0) { safefree (header); safefree (line); @@ -691,6 +697,12 @@ static int get_all_headers (int fd, hashmap_t hashofhe safefree (line); } + + /* if we get there, this is we reached MAX_HEADERS count. + bail out with error */ + safefree (header); + safefree (line); + return -1; } /* .