author | Yann Ylavic <ylavic@apache.org> | 2015-07-03 00:32:25 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2015-07-03 00:32:25 +0000 |
commit | 956dc8130fbe2c04d27426911e603af263262362 (patch) | |
tree | 8a763531bbb6d430a2ffc0c136699dc7ff840af1 | |
parent | b0b6ca28565f0a1780e2343bc1017eefaef075a8 (diff) | |
download | httpd-956dc8130fbe2c04d27426911e603af263262362.tar.gz |
Merge r1688274 from trunk.
http: Fix LimitRequestBody checks when there is no more bytes to read.
Submitted by: Michael Kaufmann <mail michael-kaufmann.ch>
Committed by: ylavic
Reviewed by: ylavic, mrumph, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1688936 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | STATUS | 8 | ||||
-rw-r--r-- | modules/http/http_filters.c | 35 |
3 files changed, 22 insertions, 24 deletions
@@ -8,6 +8,9 @@ Changes with Apache 2.2.30 Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext authorized characters. [Graham Leggett, Yann Ylavic] + *) http: Fix LimitRequestBody checks when there is no more bytes to read. + [Michael Kaufmann <mail michael-kaufmann.ch>] + *) core: Allow spaces after chunk-size for compatibility with implementations using a pre-filled buffer. [Yann Ylavic, Jeff Trawick] @@ -97,14 +97,6 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: - *) http: Fix LimitRequestBody checks when there is no more bytes to read. - [Michael Kaufmann <mail michael-kaufmann.ch>] - trunk patch: http://svn.apache.org/r1688274 - 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-fix_LimitRequestBody.patch - (modulo CHANGES, patch needed because of bail_out_on_error - and APLOGNO) - +1: ylavic, mrumph, wrowe - PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index 94cac96f81..13181fec2e 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -320,7 +320,6 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, apr_bucket *e; http_ctx_t *ctx = f->ctx; apr_status_t rv; - apr_off_t totalread; int http_error = HTTP_REQUEST_ENTITY_TOO_LARGE; apr_bucket_brigade *bb; int again; @@ -556,6 +555,7 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, readbytes = ctx->remaining; } if (readbytes > 0) { + apr_off_t totalread; rv = ap_get_brigade(f->next, b, mode, block, readbytes); 
@@ -598,6 +598,24 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, } } + /* We have a limit in effect. */ + if (ctx->limit) { + /* FIXME: Note that we might get slightly confused on + * chunked inputs as we'd need to compensate for the chunk + * lengths which may not really count. This seems to be up + * for interpretation. + */ + ctx->limit_used += totalread; + if (ctx->limit < ctx->limit_used) { + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, + "Read content length of " + "%" APR_OFF_T_FMT " is larger than the " + "configured limit of %" APR_OFF_T_FMT, + ctx->limit_used, ctx->limit); + return bail_out_on_error(ctx, f, + HTTP_REQUEST_ENTITY_TOO_LARGE); + } + } } /* If we have no more bytes remaining on a C-L request, @@ -609,21 +627,6 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b, ctx->eos_sent = 1; } - /* We have a limit in effect. */ - if (ctx->limit) { - /* FIXME: Note that we might get slightly confused on chunked inputs - * as we'd need to compensate for the chunk lengths which may not - * really count. This seems to be up for interpretation. */ - ctx->limit_used += totalread; - if (ctx->limit < ctx->limit_used) { - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, - "Read content-length of %" APR_OFF_T_FMT - " is larger than the configured limit" - " of %" APR_OFF_T_FMT, ctx->limit_used, ctx->limit); - return bail_out_on_error(ctx, f, HTTP_REQUEST_ENTITY_TOO_LARGE); - } - } - break; } case BODY_CHUNK_TRAILER: { |
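Review bot: The relocated `if (ctx->limit)` block in the `@@ -598` hunk of modules/http/http_filters.c has no comment saying why it must sit inside the `if (readbytes > 0)` branch, although that placement is the whole fix: `totalread` is now declared in that branch (the `@@ -556` hunk), and the removed lines show the old check reading it after the branch had closed. I would add `/* Keep inside the readbytes > 0 branch: totalread is only meaningful after a read. */` above `ctx->limit_used += totalread;` so a later refactor does not hoist the check back out; this assumes `totalread` is assigned only after the `ap_get_brigade` call, which is not visible in these hunks. The log text also changes from `Read content-length of` to `Read content length of`, and if that is intentional it deserves a mention in CHANGES, because log-matching rules keyed on the old string would silently stop firing on body-limit rejections. The enclosing function starts and ends outside the hunks shown.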