From 44f5b6a1cb66ee0a6d253de306b167baf33d02c9 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Tue, 16 Apr 2019 12:59:20 +0200 Subject: httpd: check denied IPs even before reading 1st query line Signed-off-by: Denys Vlasenko --- networking/httpd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'networking/httpd.c') diff --git a/networking/httpd.c b/networking/httpd.c index 205c434bf..d29335c3c 100644 --- a/networking/httpd.c +++ b/networking/httpd.c @@ -2113,6 +2113,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) if (verbose > 2) bb_error_msg("connected"); } + if_ip_denied_send_HTTP_FORBIDDEN_and_exit(); /* Install timeout handler. get_line() needs it. */ signal(SIGALRM, send_REQUEST_TIMEOUT_and_exit); @@ -2147,7 +2148,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) send_headers_and_exit(HTTP_BAD_REQUEST); /* Find end of URL and parse HTTP version, if any */ -//TODO: mayybe just reject all queries which have no " HTTP/xyz" suffix? +//TODO: maybe just reject all queries which have no " HTTP/xyz" suffix? //Then 'http_major_version' can be deleted http_major_version = ('0' - 1); /* "less than 0th" version */ HTTP_slash = strchrnul(urlp, ' '); @@ -2261,7 +2262,6 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr) bb_error_msg("url:%s", urlcopy); tptr = urlcopy; - if_ip_denied_send_HTTP_FORBIDDEN_and_exit(); while ((tptr = strchr(tptr + 1, '/')) != NULL) { /* have path1/path2 */ *tptr = '\0'; -- cgit v1.2.3