| commit | 94f94652ed1cf80936edca2f4ca9f977bf8601f0 | [log] [tgz] |
|---|---|---|
| author | Andy Green <andy.green@linaro.org> | Tue Feb 12 13:10:19 2013 +0800 |
| committer | Andy Green <andy.green@linaro.org> | Tue Feb 12 14:16:06 2013 +0800 |
| tree | 18c0c43141fa7cb6d1fb6b63b68188bd36489701 | |
| parent | 3ee9b310549d3eb75832985fad0d45b85551b117 [diff] |
security disallow repeated GET Signed-off-by: Andy Green <andy.green@linaro.org>
diff --git a/lib/parsers.c b/lib/parsers.c index 953e5d8..23c3b94 100644 --- a/lib/parsers.c +++ b/lib/parsers.c
@@ -512,6 +512,12 @@ lwsl_parser("known hdr '%s'\n", wsi->u.hdr.name_buffer); + if (n == WSI_TOKEN_GET_URI && + wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) { + lwsl_warn("Duplicated GET\n"); + return -1; + } + /* * WSORIGIN is protocol equiv to ORIGIN, * JWebSocket likes to send it, map to ORIGIN