Changeset 76761 in vbox

Timestamp:

Jan 10, 2019 7:49:43 PM (6 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

128080

Message:

Main/webservice: fixes, bugref:9329 - the line has to be somewhere.

File:

• trunk/src/VBox/Main/webservice/vboxweb.cpp (modified) (2 diffs)

trunk/src/VBox/Main/webservice/vboxweb.cpp

@@ -617 +617 @@
         m_soap->send_timeout = 60;
         m_soap->recv_timeout = 60;
+        // Limit the maximum SOAP request size to a generous amount, just to
+        // be on the safe side (SOAP is quite wordy when representing arrays,
+        // and some API uses need to deal with large arrays). Good that binary
+        // data is no longer represented by byte arrays...
+        m_soap->recv_maxlength = _16M;
         // process the request; this goes into the COM code in methodmaps.cpp
         do {
@@ -1929 +1934 @@
     }
 
-    if (pfnAuthEntry3 || pfnAuthEntry2 || pfnAuthEntry)
+    if (strlen(pcszUsername) >= _1K)
+    {
+        LogRel(("Access denied, excessive username length: %zu\n", strlen(pcszUsername)));
+        rc = VERR_WEB_NOT_AUTHENTICATED;
+    }
+    else if (strlen(pcszPassword) >= _1K)
+    {
+        LogRel(("Access denied, excessive password length: %zu\n", strlen(pcszPassword)));
+        rc = VERR_WEB_NOT_AUTHENTICATED;
+    }
+    else if (pfnAuthEntry3 || pfnAuthEntry2 || pfnAuthEntry)
     {
         const char *pszFn;