Browse Source

[core] server.max-request-field-size (fixes #2130)

limits total size per request of request headers submitted by client

default limit set to 8k (prior lighttpd <= 1.4.41 hard-coded 64k limit)

(similar to Apache directive LimitRequestFieldSize)

x-ref:
  "limits the size of HTTP request header"
  https://redmine.lighttpd.net/issues/2130
personal/stbuehler/mod-csrf
Glenn Strauss 5 years ago
parent
commit
1018ff9922
  1. 1
      src/base.h
  2. 2
      src/configfile.c
  3. 14
      src/connections.c
  4. 1
      src/server.c

1
src/base.h

@ -539,6 +539,7 @@ typedef struct {
array *modules;
array *upload_tempdirs;
unsigned int upload_temp_file_size;
unsigned int max_request_field_size;
unsigned short max_worker;
unsigned short max_fds;

2
src/configfile.c

@ -122,6 +122,7 @@ static int config_insert(server *srv) {
{ "server.bsd-accept-filter", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 75 */
{ "server.stream-request-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 76 */
{ "server.stream-response-body", NULL, T_CONFIG_SHORT, T_CONFIG_SCOPE_CONNECTION }, /* 77 */
{ "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */
{ NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
};
@ -160,6 +161,7 @@ static int config_insert(server *srv) {
cv[72].destination = &(srv->srvconf.http_header_strict);
cv[73].destination = &(srv->srvconf.http_host_strict);
cv[74].destination = &(srv->srvconf.http_host_normalize);
cv[78].destination = &(srv->srvconf.max_request_field_size);
srv->config_storage = calloc(1, srv->config_context->used * sizeof(specific_config *));

14
src/connections.c

@ -911,18 +911,20 @@ found_header_end:
}
connection_set_state(srv, con, CON_STATE_REQUEST_END);
} else if (chunkqueue_length(cq) > 64 * 1024) {
log_error_write(srv, __FILE__, __LINE__, "s", "oversized request-header -> sending Status 414");
con->http_status = 414; /* Request-URI too large */
con->keep_alive = 0;
connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST);
} else if (is_closed) {
/* the connection got closed and we didn't got enough data to leave CON_STATE_READ;
* the only way is to leave here */
connection_set_state(srv, con, CON_STATE_ERROR);
}
if ((last_chunk ? buffer_string_length(con->request.request) : (size_t)chunkqueue_length(cq))
> srv->srvconf.max_request_field_size) {
log_error_write(srv, __FILE__, __LINE__, "s", "oversized request-header -> sending Status 431");
con->http_status = 431; /* Request Header Fields Too Large */
con->keep_alive = 0;
connection_set_state(srv, con, CON_STATE_HANDLE_REQUEST);
}
chunkqueue_remove_finished_chunks(cq);
return 0;

1
src/server.c

@ -281,6 +281,7 @@ static server *server_init(void) {
srv->srvconf.http_host_strict = 1; /*(implies http_host_normalize)*/
srv->srvconf.http_host_normalize = 0;
srv->srvconf.high_precision_timestamps = 0;
srv->srvconf.max_request_field_size = 8192;
/* use syslog */
srv->errorlog_fd = STDERR_FILENO;

Loading…
Cancel
Save