|
10 | 10 | import logging |
11 | 11 | import re |
12 | 12 | import StringIO |
| 13 | +import struct |
13 | 14 | import zlib |
14 | 15 |
|
15 | 16 | from lib.core.common import extractErrorMessage |
|
27 | 28 | from lib.core.exception import sqlmapCompressionException |
28 | 29 | from lib.core.htmlentities import htmlEntities |
29 | 30 | from lib.core.settings import DEFAULT_COOKIE_DELIMITER |
| 31 | +from lib.core.settings import MAX_CONNECTION_TOTAL_SIZE |
30 | 32 | from lib.core.settings import ML |
31 | 33 | from lib.core.settings import META_CHARSET_REGEX |
32 | 34 | from lib.core.settings import PARSE_HEADERS_LIMIT |
@@ -182,12 +184,17 @@ def decodePage(page, contentEncoding, contentType): |
182 | 184 | return getUnicode(page) |
183 | 185 |
|
184 | 186 | if isinstance(contentEncoding, basestring) and contentEncoding.lower() in ("gzip", "x-gzip", "deflate"): |
| 187 | + if not kb.pageCompress: |
| 188 | + return None |
| 189 | + |
185 | 190 | try: |
186 | 191 | if contentEncoding.lower() == "deflate": |
187 | | - # http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations |
188 | | - data = StringIO.StringIO(zlib.decompress(page, -15)) |
| 192 | + data = StringIO.StringIO(zlib.decompress(page, -15)) # Reference: http://stackoverflow.com/questions/1089662/python-inflate-and-deflate-implementations |
189 | 193 | else: |
190 | 194 | data = gzip.GzipFile("", "rb", 9, StringIO.StringIO(page)) |
| 195 | + size = struct.unpack("<l", page[-4:])[0] # Reference: http://pydoc.org/get.cgi/usr/local/lib/python2.5/gzip.py |
| 196 | + if size > MAX_CONNECTION_TOTAL_SIZE: |
| 197 | + raise Exception, "size too large" |
191 | 198 |
|
192 | 199 | page = data.read() |
193 | 200 | except Exception, msg: |
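Review bot: The size guard added at new lines 195-197 does not actually bound the decompressed output. It trusts the last four bytes of the response (the gzip ISIZE field, which the server controls and which only records the length modulo 2^32), and it unpacks them as signed `"<l"`, so a declared size of 2^31 or more comes out negative and passes the comparison. The deflate branch at new line 192 has no limit at all, because `zlib.decompress(page, -15)` inflates the whole body before returning. Consider enforcing the limit on what is actually read, e.g. `page = data.read(MAX_CONNECTION_TOTAL_SIZE + 1)` followed by a length check, and `zlib.decompressobj(-15).decompress(page, MAX_CONNECTION_TOTAL_SIZE + 1)` for deflate; if the trailer check stays as a cheap early reject, unpack it with `"<L"` and add a comment such as `# ISIZE is advisory only; the bounded read is the real limit`. decodePage starts before this hunk and the `except` handler continues after it, so how the raised exception is reported is not visible here.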
|