X-Git-Url: https://review.openocd.org/gitweb?p=openocd.git;a=blobdiff_plain;f=src%2Fserver%2Fstartup.tcl;h=dd1b31e417dd15942a3906dbf3b25a5734aa062e;hp=64ace40795e35a26033a8f6f69027f495a9e5cfc;hb=6d54d905413243cc65687e30669a94037a14cbe6;hpb=33a17fd35995a7f679f92600055a8f55ae380022;ds=sidebyside

diff --git a/src/server/startup.tcl b/src/server/startup.tcl
index 64ace40795..dd1b31e417 100644
--- a/src/server/startup.tcl
+++ b/src/server/startup.tcl
@@ -8,3 +8,14 @@ proc ocd_gdb_restart {target_id} {
 	# one target
 	reset halt
 }
+
+proc prevent_cps {} {
+	echo "Possible SECURITY ATTACK detected."
+	echo "It looks like somebody is sending POST or Host: commands to OpenOCD."
+	echo "This is likely due to an attacker attempting to use Cross Protocol Scripting"
+	echo "to compromise your OpenOCD instance. Connection aborted."
+	exit
+}
+
+proc POST {args} { prevent_cps }
+proc Host: {args} { prevent_cps }