From 94f94652ed1cf80936edca2f4ca9f977bf8601f0 Mon Sep 17 00:00:00 2001
From: Andy Green
Date: Tue, 12 Feb 2013 13:10:19 +0800
Subject: [PATCH] security disallow repeated GET

Signed-off-by: Andy Green
---
 lib/parsers.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/parsers.c b/lib/parsers.c
index 953e5d80..23c3b942 100644
--- a/lib/parsers.c
+++ b/lib/parsers.c
@@ -512,6 +512,12 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
 lwsl_parser("known hdr '%s'\n", wsi->u.hdr.name_buffer);
+ if (n == WSI_TOKEN_GET_URI &&
+ wsi->u.hdr.ah->frag_index[WSI_TOKEN_GET_URI]) {
+ lwsl_warn("Duplicated GET\n");
+ return -1;
+ }
+
 /*
 * WSORIGIN is protocol equiv to ORIGIN,
 * JWebSocket likes to send it, map to ORIGIN
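Review bot: The added duplicate-GET check in libwebsocket_parse has no comment explaining why a repeat is rejected or what the test relies on, namely that `frag_index[WSI_TOKEN_GET_URI]` stays zero until the token has been stored (presumably index 0 is reserved as "unset"; that is defined outside this hunk). A one-line comment above the `if`, such as `/* GET URI already stored for this connection; a repeat is rejected */`, would record the intent. The guard covers only WSI_TOKEN_GET_URI, so it is worth confirming whether other headers that must appear once (Host, Sec-WebSocket-Key) are handled safely when repeated or need the same rejection. `lwsl_warn` fires on input an unauthenticated peer controls, so consider whether a lower log level or rate limiting is wanted. The function body starts and ends outside the hunk, so whether the caller releases `wsi->u.hdr.ah` after the -1 return cannot be checked here.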