===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/mandoc/cgi.c,v
retrieving revision 1.32
retrieving revision 1.33
diff -c -r1.32 -r1.33
*** src/usr.bin/mandoc/cgi.c	2014/08/08 17:17:42	1.32
--- src/usr.bin/mandoc/cgi.c	2014/08/21 16:03:50	1.33
***************
*** 1,4 ****
! /*	$Id: cgi.c,v 1.32 2014/08/08 17:17:42 schwarze Exp $ */
  /*
   * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
   * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
--- 1,4 ----
! /*	$Id: cgi.c,v 1.33 2014/08/21 16:03:50 schwarze Exp $ */
  /*
   * Copyright (c) 2011, 2012 Kristaps Dzonsons <kristaps@bsd.lv>
   * Copyright (c) 2014 Ingo Schwarze <schwarze@usta.de>
***************
*** 15,20 ****
--- 15,24 ----
   * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
   * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   */
+ 
+ #include <sys/types.h>
+ #include <sys/time.h>
+ 
  #include <ctype.h>
  #include <errno.h>
  #include <fcntl.h>
***************
*** 1025,1033 ****
--- 1029,1050 ----
  main(void)
  {
  	struct req	 req;
+ 	struct itimerval itimer;
  	const char	*path;
  	const char	*querystring;
  	int		 i;
+ 
+ 	/* Poor man's ReDoS mitigation. */
+ 
+ 	itimer.it_value.tv_sec = 1;
+ 	itimer.it_value.tv_usec = 0;
+ 	itimer.it_interval.tv_sec = 1;
+ 	itimer.it_interval.tv_usec = 0;
+ 	if (setitimer(ITIMER_VIRTUAL, &itimer, NULL) == -1) {
+ 		fprintf(stderr, "setitimer: %s\n", strerror(errno));
+ 		pg_error_internal();
+ 		return(EXIT_FAILURE);
+ 	}
  
  	/* Scan our run-time environment. */