You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2020/11/15 02:42:18 UTC
[Bug 64925] New: Set LimitRequestFields = 0 fail the test
https://bz.apache.org/bugzilla/show_bug.cgi?id=64925
Bug ID: 64925
Summary: Set LimitRequestFields = 0 fail the test
Product: Apache httpd-test
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: framework
Assignee: bugs@httpd.apache.org
Reporter: jirauser1996@gmail.com
Target Milestone: ---
Hi,
I'm working on testing software and its configuration. I'm using
mod_perl-2.0.10 (I think it is the official one) to test httpd-2.4.37.
I wrongly-set LimitRequestFields to a string and the test (server_rec.t)
failed. When I check the source code I found that the value is changed to 0 by
using atoi(). And from the doc (I also checked the source code and conformed
this): "Number is an integer from 0 (meaning unlimited) to 32767. 0 means
disable the limit."
Then I tried value 0, 1 and 100. Both 0 and 1 failed the test and 100 passed. I
understand the value 1 is too small for a normal client request might include
and there is clear log in logs/error_log: "AH00563: Number of request headers
exceeds LimitRequestFields." However, I didn't find any informative logs when I
set LimitRequestFields to 0 to show why the test fails, and I believe
LimitRequestFields = 0 is a valid value (no limit) although it may lead to
security issues.
Could you please help me check the source code and test code to see what's the
problem here, thanks a lot!
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64925] Set LimitRequestFields = 0 fail the test
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64925
--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Hi,
server_rec.t does not seem to be part of the test framework, so giving hints
may not be easy.
However, you can run test in a more verbose mode.
What is the output of:
t/TEST -v <your_path>/server_rec.t
?
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64925] Set LimitRequestFields = 0 fail the test
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64925
--- Comment #3 from tow-conf <ji...@gmail.com> ---
Created attachment 37566
--> https://bz.apache.org/bugzilla/attachment.cgi?id=37566&action=edit
the buggy test
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 64925] Set LimitRequestFields = 0 fail the test
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=64925
--- Comment #2 from tow-conf <ji...@gmail.com> ---
(In reply to Christophe JAILLET from comment #1)
> Hi,
>
> server_rec.t does not seem to be part of the test framework, so giving hints
> may not be easy.
>
> However, you can run test in a more verbose mode.
> What is the output of:
> t/TEST -v <your_path>/server_rec.t
> ?
Thanks!! I find the problem
I run the test using -v
Actually there is one line in the logs/error_log is:
"# Failed test 20 in /mod_perl-2.0.10/t/response/TestAPI/server_rec.pm at line
74"
I checked the file (server_rec.pm) and found line 74:
" ok $s->limit_req_fields; "
And I check the comment in the file says:
> # XXX: This test needs to be mucho improved. currently it justs checks whether some value is set or not
So I guess here the line treats value 0 as not set because it is a bool logic.
I changed the line and the test passed and all the test suits passed.
" ok $s->limit_req_fields || 1; "
I add the original failed test file in the attachment, you can take a look.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org