*) Remove compile-time length limit on request strings. Length is

    now enforced solely with the LimitRequestLine config directive.
    [Paul J. Reder]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102840 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index b2c45c755cf68502f95645ac648b67f726963179..43030455738274af296d0381ae8fa085fe58d8ed 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Remove compile-time length limit on request strings. Length is
+     now enforced solely with the LimitRequestLine config directive.
+     [Paul J. Reder]
+
   *) mod_ssl: Send the Close Alert message to the peer before closing
      the SSL session. [Madhusudan Mathihalli, Joe Orton]
 

diff --git a/server/core.c b/server/core.c
index 80e900139bede5749a75ed282884c4cb7df7eadb..c6d243a3a7579ec0941699517c8b64808222e25e 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -2437,12 +2437,6 @@ static const char *set_limit_req_line(cmd_parms *cmd, void *dummy,
                            "\" must be a non-negative integer", NULL);
     }
 
-    if (lim > DEFAULT_LIMIT_REQUEST_LINE) {
-        return apr_psprintf(cmd->temp_pool, "LimitRequestLine \"%s\" "
-                            "must not exceed the precompiled maximum of %d",
-                            arg, DEFAULT_LIMIT_REQUEST_LINE);
-    }
-
     cmd->server->limit_req_line = lim;
     return NULL;
 }

diff --git a/server/protocol.c b/server/protocol.c
index 5da65f977c98fd8d5d1cdce8cc36b7bfc49eea3a..be69a227ce2831ca8bebd26bde1b060bdb755999 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -577,11 +577,22 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
          * if there are empty lines
          */
         r->the_request = NULL;
-        rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
+        rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
                          &len, r, 0, bb);
 
         if (rv != APR_SUCCESS) {
             r->request_time = apr_time_now();
+
+            /* ap_rgetline returns APR_ENOSPC if it fills up the
+             * buffer before finding the end-of-line.  This is only going to
+             * happen if it exceeds the configured limit for a request-line.
+             */
+            if (rv == APR_ENOSPC) {
+                r->status    = HTTP_REQUEST_URI_TOO_LARGE;
+                r->proto_num = HTTP_VERSION(1,0);
+                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+            }
+
             return 0;
         }
     } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
@@ -611,18 +622,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 
     ap_parse_uri(r, uri);
 
-    /* ap_getline returns (size of max buffer - 1) if it fills up the
-     * buffer before finding the end-of-line.  This is only going to
-     * happen if it exceeds the configured limit for a request-line.
-     * The cast is safe, limit_req_line cannot be negative
-     */
-    if (len > (apr_size_t)r->server->limit_req_line) {
-        r->status    = HTTP_REQUEST_URI_TOO_LARGE;
-        r->proto_num = HTTP_VERSION(1,0);
-        r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
-        return 0;
-    }
-
     if (ll[0]) {
         r->assbackwards = 0;
         pro = ll;
@@ -856,7 +855,7 @@ request_rec *ap_read_request(conn_rec *conn)
     if (!read_request_line(r, tmp_bb)) {
         if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                          "request failed: URI too long");
+                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
             ap_send_error_response(r, 0);
             ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
             ap_run_log_transaction(r);