[core] Fix detection of too big request http header

personal/stbuehler/wip
Thomas Porzelt 13 years ago
parent c4ba2608fa
commit bba88e3326
  1. 20
      src/main/connection.c
  2. 11
      src/main/http_request_parser.rl

@ -204,24 +204,12 @@ static gboolean connection_handle_read(liConnection *con) {
if (CORE_OPTION(LI_CORE_OPTION_DEBUG_REQUEST_HANDLING).boolean) {
VR_DEBUG(vr, "%s", "parsing header failed");
}
con->keep_alive = FALSE;
con->mainvr->response.http_status = 400;
li_vrequest_handle_direct(con->mainvr);
con->state = LI_CON_STATE_WRITE;
con->in->is_closed = TRUE;
forward_response_body(con);
return TRUE;
}
/* sanity check: if the whole http request header is larger than 64kbytes, then something probably went wrong */
if (con->raw_in->bytes_in > 64*1024) {
VR_INFO(vr,
"request header too large. limit: 64kb, received: %s",
li_counter_format((guint64)con->raw_in->bytes_in, COUNTER_BYTES, vr->wrk->tmp_str)->str
);
con->wrk->stats.requests++;
con->keep_alive = FALSE;
con->mainvr->response.http_status = 413; /* Request Entity Too Large */
/* set status 400 if not already set to e.g. 413 */
if (con->mainvr->response.http_status == 0)
con->mainvr->response.http_status = 400;
li_vrequest_handle_direct(con->mainvr);
con->state = LI_CON_STATE_WRITE;
con->in->is_closed = TRUE;

@ -174,6 +174,17 @@ liHandlerResult li_http_request_parse(liVRequest *vr, liHttpRequestCtx *ctx) {
if (li_http_request_parser_has_error(ctx)) return LI_HANDLER_ERROR;
if (li_http_request_parser_is_finished(ctx)) {
/* sanity check: if the whole http request header is larger than 64kbytes, then something probably went wrong */
if (ctx->chunk_ctx.bytes_in > 64*1024) {
VR_INFO(vr,
"request header too large. limit: 64kb, received: %s",
li_counter_format((guint64)ctx->chunk_ctx.bytes_in, COUNTER_BYTES, vr->wrk->tmp_str)->str
);
vr->response.http_status = 413; /* Request Entity Too Large */
return LI_HANDLER_ERROR;
}
li_chunkqueue_skip(ctx->chunk_ctx.cq, ctx->chunk_ctx.bytes_in);
return LI_HANDLER_GO_ON;
}

Loading…
Cancel
Save