authorMatthew Nicholson <mnicholson@digium.com>2011-04-21 18:32:50 +0000
committerMatthew Nicholson <mnicholson@digium.com>2011-04-21 18:32:50 +0000
commit079e794b1cb14b5c9e70966ebaa657e32c144881 (patch)
tree0998d8db216bc1492b06016f865611af9e80400b /main/http.c
parent7f23115ad2faeee58865afbec6bc11a43210fde7 (diff)
Merged revisions 314628 via svnmerge from
https://origsvn.digium.com/svn/asterisk/branches/1.8 ................ r314628 | mnicholson | 2011-04-21 13:24:05 -0500 (Thu, 21 Apr 2011) | 27 lines Merged revisions 314620 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.6.2 ................ r314620 | mnicholson | 2011-04-21 13:22:19 -0500 (Thu, 21 Apr 2011) | 20 lines Merged revisions 314607 via svnmerge from https://origsvn.digium.com/svn/asterisk/branches/1.4 ........ r314607 | mnicholson | 2011-04-21 13:19:21 -0500 (Thu, 21 Apr 2011) | 14 lines Added limits to the number of unauthenticated sessions TCP based protocols are allowed to have open simultaneously. Also added timeouts for unauthenticated sessions where it made sense to do so. Unrelated, the manager interface now properly checks if the user has the "system" privilege before executing shell commands via the Originate action. AST-2011-005 AST-2011-006 (closes issue #18787) Reported by: kobaz (related to issue #18996) Reported by: tzafrir ........ ................ ................ git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@314666 65c4cc65-6c06-0410-ace0-fbb531ad65f3
Diffstat (limited to 'main/http.c')
-rw-r--r--main/http.c22
1 files changed, 19 insertions, 3 deletions
diff --git a/main/http.c b/main/http.c
index 1c4a9ca60..cc32b9422 100644
--- a/main/http.c
+++ b/main/http.c
@@ -57,12 +57,16 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision$")
#define MAX_PREFIX 80
#define DEFAULT_PORT 8088
#define DEFAULT_TLS_PORT 8089
+#define DEFAULT_SESSION_LIMIT 100
/* See http.h for more information about the SSL implementation */
#if defined(HAVE_OPENSSL) && (defined(HAVE_FUNOPEN) || defined(HAVE_FOPENCOOKIE))
#define DO_SSL /* comment in/out if you want to support ssl */
#endif
+static int session_limit = DEFAULT_SESSION_LIMIT;
+static int session_count = 0;
+
static struct ast_tls_config http_tls_cfg;
static void *httpd_helper_thread(void *arg);
@@ -829,6 +833,10 @@ static void *httpd_helper_thread(void *data)
char *uri, *method;
enum ast_http_method http_method = AST_HTTP_UNKNOWN;
+ if (ast_atomic_fetchadd_int(&session_count, +1) >= session_limit) {
+ goto done;
+ }
+
if (!fgets(buf, sizeof(buf), ser->f)) {
goto done;
}
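Review bot: A connection rejected by the `session_count >= session_limit` check is closed with no response and no log line, so an operator has no signal that the limit is being reached or that clients are being turned away. A rate-limited or debug-level message before the `goto done`, for example `ast_debug(1, "HTTP session limit %d reached, closing connection\n", session_limit);`, would make exhaustion visible. The limit is also a single global count, and the `fgets()` that follows has no read timeout visible in this diff, so idle connections appear to hold their slots for as long as the peer keeps the socket open. This early jump now reaches the `headers` cleanup under `done:`, so `headers` must be initialised to NULL at its declaration, which is outside the hunk.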
@@ -894,17 +902,19 @@ static void *httpd_helper_thread(void *data)
if (!*uri) {
ast_http_error(ser, 400, "Bad Request", "Invalid Request");
- return NULL;
+ goto done;
}
handle_uri(ser, uri, http_method, headers);
- /* Clean up all the header information pulled as well */
+done:
+ ast_atomic_fetchadd_int(&session_count, -1);
+
+ /* clean up all the header information */
if (headers) {
ast_variables_destroy(headers);
}
-done:
if (ser->f) {
fclose(ser->f);
}
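Review bot: The `done:` label is now the only place where `session_count` is decremented, but nothing in the code says so. A later `return` added anywhere after the increment would leak a slot permanently and eventually lock out all HTTP clients. A comment above the label would state the invariant, for example `/* every exit after the session_count increment must pass through here */`. The part of httpd_helper_thread between the two hunks is not shown, so any remaining direct `return` in that range should be checked for the same leak that this hunk fixes for the empty-URI case.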
@@ -1044,6 +1054,12 @@ static int __ast_http_load(int reload)
}
} else if (!strcasecmp(v->name, "redirect")) {
add_redirect(v->value);
+ } else if (!strcasecmp(v->name, "sessionlimit")) {
+ if (ast_parse_arg(v->value, PARSE_INT32|PARSE_DEFAULT|PARSE_IN_RANGE,
+ &session_limit, DEFAULT_SESSION_LIMIT, 1, INT_MAX)) {
+ ast_log(LOG_WARNING, "Invalid %s '%s' at line %d of http.conf\n",
+ v->name, v->value, v->lineno);
+ }
} else {
ast_log(LOG_WARNING, "Ignoring unknown option '%s' in http.conf\n", v->name);
}
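Review bot: `session_limit` is only assigned when a `sessionlimit` line is present. Unless __ast_http_load resets it with its other defaults (outside this hunk), removing the option from http.conf and reloading would keep the previous value rather than returning to 100. Adding `session_limit = DEFAULT_SESSION_LIMIT;` before the variable loop would make reload behaviour predictable. The warning could also say what happens next: with `PARSE_DEFAULT` the value presumably falls back to the default, so `"Invalid %s '%s' at line %d of http.conf, using default %d\n"` with `DEFAULT_SESSION_LIMIT` as the extra argument would tell the administrator which limit is in force.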