Return 413 if chunk-ext-header is too long rather than reading from a truncated
authorJustin Erenkrantz <jerenkrantz@apache.org>
Wed, 19 Feb 2003 06:50:10 +0000 (06:50 +0000)
committerJustin Erenkrantz <jerenkrantz@apache.org>
Wed, 19 Feb 2003 06:50:10 +0000 (06:50 +0000)
line.

(Previously, we'd count the unread part of the line towards the chunk.)

PR: 15857

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98727 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/http/http_protocol.c

diff --git a/CHANGES b/CHANGES
index 4bfeb323b3343e1ff53781953be7769529db9e75..4447968e53f5e1ab5cf927bb3a02796156e20024 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Return 413 if chunk-ext-header is too long rather than reading from
+     the truncated line.  PR 15857.  [Justin Erenkrantz]
+
   *) If mod_mime_magic does not know the content-type, do not attempt to
      guess.  PR 16908.  [Andrew Gapon <agapon@telcordia.com>]
 
index 14faecc8f275ee40accd19d9157d1aabb9384047..b692e21572e0604a18c7c7c5717c113cec337083 100644 (file)
@@ -897,6 +897,7 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
             char line[30];
             apr_bucket_brigade *bb;
             apr_size_t len = 30;
+            apr_off_t brigade_length;
 
             bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
 
@@ -904,9 +905,19 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
                                 APR_BLOCK_READ, 0);
 
             if (rv == APR_SUCCESS) {
-                rv = apr_brigade_flatten(bb, line, &len);
+                /* We have to check the length of the brigade we got back.
+                 * We will not accept partial lines.
+                 */
+                rv = apr_brigade_length(bb, 1, &brigade_length);
+                if (rv == APR_SUCCESS
+                    && brigade_length > f->r->server->limit_req_line) {
+                    rv = APR_ENOSPC;
+                }
                 if (rv == APR_SUCCESS) {
-                    ctx->remaining = get_chunk_size(line);
+                    rv = apr_brigade_flatten(bb, line, &len);
+                    if (rv == APR_SUCCESS) {
+                        ctx->remaining = get_chunk_size(line);
+                    }
                 }
             }
             apr_brigade_cleanup(bb);
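Review bot: The new length check bounds the line against `f->r->server->limit_req_line`, but the destination is still `char line[30]` with `len = 30`, so any accepted line of 30 bytes or more is truncated by `apr_brigade_flatten`, which fills the array completely and does not append a terminator. `get_chunk_size(line)` receives only the pointer; its body is outside this hunk, so whether it can read past the array depends on how it stops scanning, and the caller should not rely on that. I would reserve a byte and terminate explicitly: declare `apr_size_t len = sizeof(line) - 1;` in the first hunk and add `line[len] = '\0';` right after a successful flatten. The body of `ap_http_filter` starts and ends outside the hunk, and the mapping of `APR_ENOSPC` to the 413 response named in the commit title is not visible here.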