1From 7f47efe1717c381f86566fabe0b1ced8cb98fe8f Mon Sep 17 00:00:00 2001 2From: irsl <irsl@users.noreply.github.com> 3Date: Fri, 26 Oct 2018 11:51:15 +0200 4Subject: [PATCH] fix for broken multipart/form-data 5 6Malformed multipart/form-data payload results in infinite loop and thus denial of service 7[Upstream status: https://github.com/shellinabox/shellinabox/pull/446] 8Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> 9--- 10 libhttp/url.c | 3 +++ 11 1 file changed, 3 insertions(+) 12 13diff --git a/libhttp/url.c b/libhttp/url.c 14index ed29475..4177871 100644 15--- a/libhttp/url.c 16+++ b/libhttp/url.c 17@@ -312,6 +312,9 @@ static void urlParsePostBody(struct URL *url, 18 } 19 } 20 } 21+ } else { 22+ warn("[http] broken multipart/form-data!"); 23+ break; 24 } 25 } 26 if (lastPart) { 27