Infinite uploads possible as long as first upload is ongoing
Bug #673996 reported by
Tobias Baldauf
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Woof |
Fix Released
|
High
|
Tobias Baldauf |
Bug Description
The upload-form invoked by woof -U is allowing one upload per default (maxdownloads = 1, although this can be altered with the -c parameter). After the successful upload, maxdownloads is reduced by 1 and if it reaches 0, the server closes down.
But as long as the first upload is still ongoing, an infinite number of uploads can be initiated via POST because maxdownloads has NOT been reduced by 1 yet.
It is therefore theoretically possible to DOS the host-machine by sending many files via POST as long as the first upload is still ongoing.
Related branches
visibility: | private → public |
Changed in woofgui: | |
assignee: | nobody → Tobias Baldauf (technopagan) |
Changed in woofgui: | |
status: | Confirmed → Fix Released |
To post a comment you must log in.