Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add some reasonable limits to cookie parsing, reduce impact of possible attack

Browse Source
This commit is contained in:
Thomas Lynch
2023-01-06 19:02:20 +11:00
parent 9c17d5b8fc
commit b593be8627
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/libs/cookie.lua
View File

@ -11,11 +11,12 @@ local SEMICOLON = byte(";")
local SPACE = byte(" ") local SPACE = byte(" ")
local HTAB = byte("\t") local HTAB = byte("\t")
local MAX_LEN = 10 * 1024 -- in case you are a dumbass and set a high tune.maxrewrite
local MAX_COOKIES = 100
local _M = {} local _M = {}
_M._VERSION = '0.01' _M._VERSION = '0.01'
function _M.get_cookie_table(text_cookie) function _M.get_cookie_table(text_cookie)
if type(text_cookie) ~= "string" then if type(text_cookie) ~= "string" then
return {} return {}
@ -27,10 +28,16 @@ function _M.get_cookie_table(text_cookie)
local n = 0 local n = 0
local len = #text_cookie local len = #text_cookie
if len > MAX_LEN then
return {}
end
for i=1, len do for i=1, len do
if byte(text_cookie, i) == SEMICOLON then if byte(text_cookie, i) == SEMICOLON then
n = n + 1 n = n + 1
if n > MAX_COOKIES then
return {}
end
end end
end end