You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/11/15 02:42:18 UTC

[Bug 64925] New: Set LimitRequestFields = 0 fail the test

https://bz.apache.org/bugzilla/show_bug.cgi?id=64925

            Bug ID: 64925
           Summary: Set LimitRequestFields = 0 fail the test
           Product: Apache httpd-test
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: framework
          Assignee: bugs@httpd.apache.org
          Reporter: jirauser1996@gmail.com
  Target Milestone: ---

Hi,

I'm working on testing software and its configuration. I'm using
mod_perl-2.0.10 (I think it is the official one) to test httpd-2.4.37.

I wrongly-set LimitRequestFields to a string and the test (server_rec.t)
failed. When I check the source code I found that the value is changed to 0 by
using atoi(). And from the doc (I also checked the source code and conformed
this): "Number is an integer from 0 (meaning unlimited) to 32767. 0 means
disable the limit."

Then I tried value 0, 1 and 100. Both 0 and 1 failed the test and 100 passed. I
understand the value 1 is too small for a normal client request might include
and there is clear log in logs/error_log: "AH00563: Number of request headers
exceeds LimitRequestFields." However, I didn't find any informative logs when I
set LimitRequestFields to 0 to show why the test fails, and I believe
LimitRequestFields = 0 is a valid value (no limit) although it may lead to
security issues.

Could you please help me check the source code and test code to see what's the
problem here, thanks a lot!

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 64925] Set LimitRequestFields = 0 fail the test

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64925

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Hi,

server_rec.t does not seem to be part of the test framework, so giving hints
may not be easy.

However, you can run test in a more verbose mode.
What is the output of:
   t/TEST -v <your_path>/server_rec.t
?

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 64925] Set LimitRequestFields = 0 fail the test

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64925

--- Comment #3 from tow-conf <ji...@gmail.com> ---
Created attachment 37566
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37566&action=edit
the buggy test

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 64925] Set LimitRequestFields = 0 fail the test

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64925

--- Comment #2 from tow-conf <ji...@gmail.com> ---
(In reply to Christophe JAILLET from comment #1)
> Hi,
> 
> server_rec.t does not seem to be part of the test framework, so giving hints
> may not be easy.
> 
> However, you can run test in a more verbose mode.
> What is the output of:
>    t/TEST -v <your_path>/server_rec.t
> ?

Thanks!! I find the problem

I run the test using -v

Actually there is one line in the logs/error_log is:
"# Failed test 20 in /mod_perl-2.0.10/t/response/TestAPI/server_rec.pm at line
74"

I checked the file (server_rec.pm) and found line 74:

" ok $s->limit_req_fields; "

And I check the comment in the file says:

> # XXX: This test needs to be mucho improved. currently it justs checks whether some value is set or not

So I guess here the line treats value 0 as not set because it is a bool logic.
I changed the line and the test passed and all the test suits passed.

" ok $s->limit_req_fields || 1; "

I add the original failed test file in the attachment, you can take a look.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org