diff options
| author | Xavier Del Campo Romero <xavi.dcr@tutanota.com> | 2024-02-19 23:00:56 +0100 |
|---|---|---|
| committer | Xavier Del Campo Romero <xavi.dcr@tutanota.com> | 2024-02-19 23:00:56 +0100 |
| commit | afe0681c0b26bb64bad55d7e86770f346cfa043e (patch) | |
| tree | 420dbf3084332bf1750d0986ea118b427aed7364 /doc/man7/libweb_handler.7 | |
| parent | 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e (diff) | |
| download | libweb-afe0681c0b26bb64bad55d7e86770f346cfa043e.tar.gz | |
Limit maximum multipart/form-data pairs and files
A malicious user could inject an infinite number of empty files or
key/value pairs into a request in order to exhaust the device's
resources.
Diffstat (limited to 'doc/man7/libweb_handler.7')
| -rw-r--r-- | doc/man7/libweb_handler.7 | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/man7/libweb_handler.7 b/doc/man7/libweb_handler.7 index f975444..bf47567 100644 --- a/doc/man7/libweb_handler.7 +++ b/doc/man7/libweb_handler.7 @@ -76,6 +76,7 @@ struct handler_cfg int (*\fIlength\fP)(unsigned long long len, const struct http_cookie *c, struct http_response *r, void *user); void *\fIuser\fP; size_t \fImax_headers\fP; + struct http_cfg_post \fIpost\fP; }; .EE .in @@ -83,9 +84,10 @@ struct handler_cfg .IR tmpdir , .IR length , -.I user -and +.IR user , .I max_headers +and +.I post are passed directly to the .I struct http_cfg object used to initialize a |