You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Nick Vatamaniuc (JIRA)" <ji...@apache.org> on 2016/10/04 03:31:20 UTC
[jira] [Created] (COUCHDB-3174) max_document_size setting can by
bypassed by issuing multipart/related requests
Nick Vatamaniuc created COUCHDB-3174:
----------------------------------------
Summary: max_document_size setting can by bypassed by issuing multipart/related requests
Key: COUCHDB-3174
URL: https://issues.apache.org/jira/browse/COUCHDB-3174
Project: CouchDB
Issue Type: Bug
Reporter: Nick Vatamaniuc
Testing how replicator handled small values of max_document_size parameter, discovered if user issues PUT requests which are multipart/related, then max_document_size setting is bypassed.
Wireshark capture of a PUT with attachments request coming from replicator in a EUnit test I wrote. max_document_size was set to 10000 yet a 70k byte document with a 70k byte attachment was created.
{code}
PUT /eunit-test-db-147555017168185/doc0?new_edits=false HTTP/1.1
Content-Type: multipart/related; boundary="e5d21d5fd988dc1c6c6e8911030213b3"
Content-Length: 140515
Accept: application/json
--e5d21d5fd988dc1c6c6e8911030213b3
Content-Type: application/json
{"_id":"doc0","_rev":"1-40a6a02761aba1474c4a1ad9081a4c2e","x":"xxxx....
...xxxx","_revisions":{"start":1,"ids":["40a6a02761aba1474c4a1ad9081a4c2e"]},"_attachments":{"att1":{"content_type":"app/binary","revpos":1,"digest":"md5-u+COd6RLUd6BGz0wJyuZFg==","length":70000,"follows":true}}}
--e5d21d5fd988dc1c6c6e8911030213b3
Content-Disposition: attachment; filename="att1"
Content-Type: app/binary
Content-Length: 70000
xxxxx....xxxxx
--e5d21d5fd988dc1c6c6e8911030213b3--
HTTP/1.1 201 Created
{code}
Here is a regular request which works as expected:
{code}
PUT /dbl/dl2 HTTP/1.1
Content-Length: 100026
Content-Type: application/json
Accept: application/json
{"_id": "dl2", "size": "xxxx...xxx"}
HTTP/1.1 413 Request Entity Too Large
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)