Browse Source

[core] make server.max-request-size scopeable (fixes #1901)

x-ref:
  "make server.max-request-size scopeable"
  https://redmine.lighttpd.net/issues/1901
personal/stbuehler/mod-csrf-old
Glenn Strauss 5 years ago
parent
commit
fe02be7e34
  1. 1
      src/base.h
  2. 6
      src/configfile.c
  3. 16
      src/request.c
  4. 12
      src/response.c

1
src/base.h

@ -543,7 +543,6 @@ typedef struct {
unsigned short max_worker;
unsigned short max_fds;
unsigned short max_conns;
unsigned int max_request_size;
unsigned short log_request_header_on_error;
unsigned short log_state_handling;

6
src/configfile.c

@ -165,7 +165,6 @@ static int config_insert(server *srv) {
cv[10].destination = srv->srvconf.event_handler;
cv[11].destination = srv->srvconf.pid_file;
cv[12].destination = &(srv->srvconf.max_request_size);
cv[13].destination = &(srv->srvconf.max_worker);
cv[23].destination = &(srv->srvconf.max_fds);
@ -222,6 +221,7 @@ static int config_insert(server *srv) {
s->max_keep_alive_idle = 5;
s->max_read_idle = 60;
s->max_write_idle = 360;
s->max_request_size = 0;
s->use_xattr = 0;
s->ssl_enabled = 0;
s->ssl_honor_cipher_order = 1;
@ -259,6 +259,7 @@ static int config_insert(server *srv) {
cv[7].destination = s->server_tag;
cv[8].destination = &(s->use_ipv6);
cv[12].destination = &(s->max_request_size);
cv[14].destination = s->document_root;
cv[15].destination = &(s->force_lowercase_filenames);
cv[16].destination = &(s->log_condition_handling);
@ -441,6 +442,7 @@ int config_setup_connection(server *srv, connection *con) {
PATCH(max_keep_alive_idle);
PATCH(max_read_idle);
PATCH(max_write_idle);
PATCH(max_request_size);
PATCH(use_xattr);
PATCH(error_handler);
PATCH(error_handler_404);
@ -537,6 +539,8 @@ int config_patch_connection(server *srv, connection *con) {
PATCH(max_write_idle);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.max-read-idle"))) {
PATCH(max_read_idle);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("server.max-request-size"))) {
PATCH(max_request_size);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("mimetype.use-xattr"))) {
PATCH(use_xattr);
} else if (buffer_is_equal_string(du->key, CONST_STR_LEN("etag.use-inode"))) {

16
src/request.c

@ -1277,22 +1277,6 @@ int http_request_parse(server *srv, connection *con) {
return 0;
}
/* srvconf.max_request_size is in kBytes */
if (srv->srvconf.max_request_size != 0 &&
(off_t)con->request.content_length > ((off_t)srv->srvconf.max_request_size << 10)) {
/* the request body itself is larger then
* our our max_request_size
*/
con->http_status = 413;
con->keep_alive = 0;
log_error_write(srv, __FILE__, __LINE__, "sos",
"request-size too long:", (off_t) con->request.content_length, "-> 413");
return 0;
}
/* we have content */
if (con->request.content_length != 0) {
return 1;

12
src/response.c

@ -341,6 +341,18 @@ handler_t http_response_prepare(server *srv, connection *con) {
log_error_write(srv, __FILE__, __LINE__, "sb", "URI-query : ", con->uri.query);
}
/* con->conf.max_request_size is in kBytes */
if (0 != con->conf.max_request_size &&
(off_t)con->request.content_length > ((off_t)con->conf.max_request_size << 10)) {
log_error_write(srv, __FILE__, __LINE__, "sos",
"request-size too long:", (off_t) con->request.content_length, "-> 413");
con->keep_alive = 0;
con->http_status = 413;
con->file_finished = 1;
return HANDLER_FINISHED;
}
/**
*

Loading…
Cancel
Save