Limit maximum multipart/form-data pairs and files

A malicious user could inject an infinite number of empty files or key/value pairs into a request in order to exhaust the device's resources.
author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2024-02-19 23:00:56 +0100
committer: Xavier Del Campo Romero <xavi.dcr@tutanota.com> 2024-02-19 23:00:56 +0100
commit: afe0681c0b26bb64bad55d7e86770f346cfa043e (patch)
tree: 420dbf3084332bf1750d0986ea118b427aed7364 /handler.c
parent: 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/handler.c b/handler.c
index f400f2b..3d806e6 100644
--- a/handler.c
+++ b/handler.c
@@ -110,7 +110,8 @@ static struct client *find_or_alloc_client(struct handler *const h,
         .length = on_length,
         .user = ret,
         .tmpdir = h->cfg.tmpdir,
-        .max_headers = h->cfg.max_headers
+        .max_headers = h->cfg.max_headers,
+        .post = h->cfg.post
     };
 
     *ret = (const struct client)
author	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2024-02-19 23:00:56 +0100
committer	Xavier Del Campo Romero <xavi.dcr@tutanota.com>	2024-02-19 23:00:56 +0100
commit	afe0681c0b26bb64bad55d7e86770f346cfa043e (patch)
tree	420dbf3084332bf1750d0986ea118b427aed7364 /handler.c
parent	9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e (diff)