Bugtraq mailing list archives

Re: YA Apache DoS attack


From: bugtraq () ANKH SAMIAM ORG (bugtraq)
Date: Sun, 9 Aug 1998 12:53:56 -0700


And here's a band-aid for 1.3.1 - I'm sure we'll come up with something better
soon. This (untested) patch should prevent the worst effects. A similar patch
should work for 1.2.x.

A similar version of this patch works against Apache 1.2.5.  I have made
RPMs for RedHat, Caldera, SuSE, TurboLinux, and other RPM-based systems
available at this location:

        http://www.samiam.org/blackdragon

Patch for Apache 1.2.5 included.  I have verified that this patch protects
Apache 1.2.5 from the sioux DOS attack.

- Sam

*** apache_1.2.5/src/http_protocol.c.orig       Sun Aug  9 11:44:00 1998
--- apache_1.2.5/src/http_protocol.c    Sun Aug  9 11:53:13 1998
***************
*** 659,664 ****
--- 659,665 ----
      int len;
      char *value;
      char field[MAX_STRING_LEN];
+     int nheaders=0;

      /* Read header lines until we get the empty separator line,
       * a read error, the connection closes (EOF), or we timeout.
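Review bot: the new counter `int nheaders=0;` carries no comment saying what it bounds, and nothing in this hunk ties it to a named limit; a short comment such as `/* header lines accepted so far for this request */` and a `#define` for the maximum (compared against in the second hunk) would make the intent clear to the next person reading `http_protocol.c`.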
***************
*** 674,679 ****
--- 675,686 ----
          while (isspace(*value)) ++value;      /* Skip to start of value   */

          table_merge(r->headers_in, field, value);
+
+       if(++nheaders >= 100) {
+           r->status = HTTP_BAD_REQUEST;
+           return;
+       }
+
      }
  }
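Review bot: the limit in `if(++nheaders >= 100)` is a bare magic number and the rejection is silent; define it as a named constant (or a configurable directive) and log the rejection with the client address before `r->status = HTTP_BAD_REQUEST;`, so an operator can tell a header flood from a legitimate client that happens to send many headers. The check also runs after `table_merge(r->headers_in, field, value);`, so the 100th header line is merged before the request is rejected; moving the check ahead of the merge avoids that. Finally, the added block is indented two columns shallower than the surrounding `table_merge` line, which does not match the file's style.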
