| field | value | date |
|---|---|---|
| author | Xavier Del Campo Romero <xavi.dcr@tutanota.com> | 2024-02-19 23:00:56 +0100 |
| committer | Xavier Del Campo Romero <xavi.dcr@tutanota.com> | 2024-02-19 23:00:56 +0100 |
| commit | afe0681c0b26bb64bad55d7e86770f346cfa043e (patch) | |
| tree | 420dbf3084332bf1750d0986ea118b427aed7364 /doc | |
| parent | 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e (diff) | |
Limit maximum multipart/form-data pairs and files
A malicious user could inject an infinite number of empty files or
key/value pairs into a request in order to exhaust the device's
resources.
Diffstat (limited to 'doc')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | doc/man7/libweb_handler.7 | 6 |
| -rw-r--r-- | doc/man7/libweb_http.7 | 30 |
2 files changed, 34 insertions, 2 deletions
diff --git a/doc/man7/libweb_handler.7 b/doc/man7/libweb_handler.7 index f975444..bf47567 100644 --- a/doc/man7/libweb_handler.7 +++ b/doc/man7/libweb_handler.7 @@ -76,6 +76,7 @@ struct handler_cfg int (*\fIlength\fP)(unsigned long long len, const struct http_cookie *c, struct http_response *r, void *user); void *\fIuser\fP; size_t \fImax_headers\fP; + struct http_cfg_post \fIpost\fP; }; .EE .in @@ -83,9 +84,10 @@ struct handler_cfg .IR tmpdir , .IR length , -.I user -and +.IR user , .I max_headers +and +.I post are passed directly to the .I struct http_cfg object used to initialize a diff --git a/doc/man7/libweb_http.7 b/doc/man7/libweb_http.7 index 0beb686..de627cb 100644 --- a/doc/man7/libweb_http.7 +++ b/doc/man7/libweb_http.7 @@ -94,6 +94,11 @@ struct http_cfg const char *\fItmpdir\fP; void *\fIuser\fP; size_t \fImax_headers\fP; + + struct http_cfg_post + { + size_t \fImax_pairs\fP, \fImax_files\fP; + } \fIpost\fP; }; .EE .in @@ -221,6 +226,31 @@ Any extra headers sent by the client outside this maximum value shall be silently ignored by .IR libweb . +.I post +contains configuration parameters specific to +.B POST +requests: + +.I max_pairs +refers to the maximum number of key/value pairs that shall be accepted by +.I libweb +on +.B POST +.IR multipart/form-data -encoded +requests. If the maximum number of pairs is exceeded by the request, +.I libweb +shall terminate the connection. + +.I max_files +refers to the maximum number of files that shall be accepted by +.I libweb +on +.B POST +.IR multipart/form-data -encoded +requests. If the maximum number of files is exceeded by the request, +.I libweb +shall terminate the connection. + .SS HTTP payload When a client submits a request to the server, |
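Review bot: the `struct handler_cfg` hunk in libweb_handler.7 adds a `struct http_cfg_post post;` member but gives the reader no pointer to where `http_cfg_post` is defined; in this patch the tag only appears nested inside `struct http_cfg` in libweb_http.7. Add a `.BR libweb_http (7)` cross-reference next to the new member, or alongside the "are passed directly to the struct http_cfg object" sentence, so a handler author can find the `max_pairs`/`max_files` semantics without guessing.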
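Review bot: the `.I post` text block in libweb_http.7 (hunk `@@ -221,6 +226,31 @@`) never states what `max_pairs == 0` or `max_files == 0` means, and since the field lives inside a `struct http_cfg` that callers typically zero-initialize, this matters for the protection the commit message describes: either zero means "unlimited" and every existing caller keeps the exhaustion problem, or zero means "reject everything" and every existing multipart form breaks. Document the zero case explicitly, and also spell out the relationship between the two limits (in multipart/form-data a file is itself a name/value part, so say whether a file counts against `max_pairs` as well as `max_files`). Finally, the text says "shall terminate the connection" where the adjacent `max_headers` paragraph says extra headers "shall be silently ignored"; if the difference is deliberate, a sentence saying so (and whether an error response such as 413 is sent before closing) would stop readers from assuming an oversight. The commit message also talks about key/value pairs in general, but the documented limit applies only to multipart/form-data-encoded requests; if application/x-www-form-urlencoded bodies are not covered, note that here so the gap is visible.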
