potentally fix DoS exploit

2024-05-04 11:27:56 -04:00
parent eb49e7b015
commit 59eeda7367
2 changed files with 10 additions and 5 deletions
--- a/zefie_wtvp_minisrv/app.js
+++ b/zefie_wtvp_minisrv/app.js
@@ -1682,9 +1682,8 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
            } else {
                socket_sessions[socket.id].headers = headers;
            }
-        } else {
-
-                // handle streaming POST
+        } else if (socket.ssid) {
+            // handle streaming POST
            if (socket_sessions[socket.id].expecting_post_data && headers) {
                socket_sessions[socket.id].headers = headers;
                if (socket_sessions[socket.id].post_data.length < (socket_sessions[socket.id].post_data_length * 2)) {
@@ -1807,8 +1806,14 @@ async function processRequest(socket, data_hex, skipSecure = false, encryptedReq
                        }
                    }
                }
+            } else {
+                cleanupSocket(socket);
            }
+        } else {
+            cleanupSocket(socket);
        }
+    } else {
+        cleanupSocket(socket);
    }
 }

--- a/zefie_wtvp_minisrv/package-lock.json
+++ b/zefie_wtvp_minisrv/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "zefie_wtvp_minisrv",
-  "version": "0.9.45",
+  "version": "0.9.47",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "zefie_wtvp_minisrv",
-      "version": "0.9.45",
+      "version": "0.9.47",
      "license": "GPL3",
      "dependencies": {
        "@mafintosh/vm2": "^3.9.2",